From: Vince Hoffman
To: freebsd-questions
Date: Thu, 5 May 2005 21:21:19 +0100 (BST)
Subject: Re: netgraph & netflow
Message-ID: <20050505211837.A76016@unsane.co.uk>
In-Reply-To: <2b5f066d050505072671fff21b@mail.gmail.com>

On Thu, 5 May 2005, Brian McCann wrote:

> Hi all. I'm trying to get ng_netflow to work, and I'm having a heck
> of a time doing so. So if anyone can shed some light on my problem,
> please do so. I've tried multiple configurations, and can't get it to
> work right. I can only get it to see traffic in one direction (for
> example, flows from other PCs to the server. Flows starting from the
> server started by something like fetch or ssh don't show up as
> sourcing from the server). Here is the config that I thought would do
> that, but it's not.
>
> mkpeer fxp1: tee lower right
> connect fxp1: fxp1:lower upper left
> mkpeer fxp1:lower netflow left2right iface0
> name fxp1:lower.left2right fxp1_netflow
> msg fxp1_netflow: setifindex { iface=0 index=5 }
> mkpeer fxp1_netflow: ksocket export inet/dgram/udp
> msg fxp1_netflow:export connect inet/127.0.0.1:9800
>
> Using this, when I run flowctl, it shows the source interface as ppp0
> and sometimes sl0, which isn't even connected, and a dest interface of
> fxp1. If I switch all the "left2right"s with "right2left"s, I get
> only flows going to the server...so after reading how the tee in
> netgraph works, I assumed if I switched it, it would show the other
> direction.
>
> Any thoughts, suggestions?
> Thanks,
> --Brian

I'm afraid all I can offer is a "me too". I was experiencing the same and
eventually gave up and switched to softflowd, which seems to be working
fine so far. I'd be interested to know if you get it working though.

Vince

>
> --
> Brian McCann
> Systems & Network Administrator, K12USA
>
> "I don't have to take this abuse from you -- I've got hundreds of
> people waiting to abuse me."
> -- Bill Murray, "Ghostbusters"