Date:      Thu, 05 May 2005 14:13:57 -0700
From:      Glenn Dawson <glenn@antimatter.net>
To:        freebsd-questions@freebsd.org
Cc:        Vince Hoffman <jhary@unsane.co.uk>
Subject:   Re: netgraph & netflow
Message-ID:  <6.1.0.6.2.20050505141221.1d658ad0@cobalt.antimatter.net>


I didn't originally copy the list on this, but since there was a "me too" 
post, here it is.

-Glenn

At 07:26 AM 5/5/2005, you wrote:
>Hi all.  I'm trying to get ng_netflow to work, and I'm having a heck
>of a time doing so.  So if anyone can shed some light on my problem,
>please do so.  I've tried multiple configurations, and can't get it to
>work right.  I can only get it to see traffic in one direction (for
>example, flows from other PCs to the server.  Flows starting from the
>server started by something like fetch or ssh don't show up as
>sourcing from the server).  Here is the config that I thought would do
>that, but it's not.
>
>mkpeer fxp1: tee lower right
>connect fxp1: fxp1:lower upper left
>mkpeer fxp1:lower netflow left2right iface0
>name fxp1:lower.left2right fxp1_netflow
>msg fxp1_netflow: setifindex { iface=0 index=5 }
>mkpeer fxp1_netflow: ksocket export inet/dgram/udp
>msg fxp1_netflow:export connect inet/127.0.0.1:9800
>
>Using this, when I run flowctl, it shows the source interface as ppp0
>and sometimes sl0, which isn't even connected, and a dest interface of
>fxp1.  If I switch all the "left2right"s with "right2left"s, I get
>only flows going to the server...so after reading how the tee in
>netgraph works, I assumed if I switched it, it would show the other
>direction.

Try this...I've used it to catch flows in both directions for an em 
interface....you can probably tweak it to work in your situation...

mkpeer em0: tee lower right
connect em0: em0:lower upper left
name em0:lower em0_tee
mkpeer em0_tee: netflow left2right iface0
name em0:lower.left2right netflow
connect em0_tee: netflow: right2left iface1
msg netflow: setifindex { iface=0 index=2 }
msg netflow: setifindex { iface=1 index=1 }
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow:export connect inet/x.x.x.x:4444

-Glenn

>Any thoughts, suggestions?
>Thanks,
>--Brian
>
>--
>_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_
>Brian McCann
>Systems & Network Administrator, K12USA
>
>"I don't have to take this abuse from you -- I've got hundreds of
>people waiting to abuse me."
>                 -- Bill Murray, "Ghostbusters"
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
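
A collector-side check for the setup discussed above, as an added example that is not part of the original message: it decodes NetFlow v5 export datagrams (the format ng_netflow emits) and reports which expected input-interface indexes never appear, which is how a one-direction capture shows up at the collector. The function names, sample addresses and the constructed datagram are assumptions; the indexes 2 and 1 are the values from the setifindex lines.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 record


def parse_v5(datagram):
    """Decode one export datagram into flow dicts; ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]),
                      "dst": socket.inet_ntoa(f[1]),
                      "in_if": f[3], "out_if": f[4], "octets": f[6]})
    return flows


def missing_directions(flows, expected_in_ifs):
    """Input-interface indexes that were expected but carried by no flow."""
    return sorted(set(expected_in_ifs) - {f["in_if"] for f in flows})


def build_v5(records):
    """Build a constructed datagram from (src, dst, in_if, out_if, octets)."""
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), b"\0" * 4,
                    i, o, 1, n, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
        for s, d, i, o, n in records)
    return HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + body


if __name__ == "__main__":
    # Constructed sample: one flow per direction, using documentation addresses.
    sample = build_v5([("192.0.2.10", "198.51.100.7", 2, 1, 1200),
                       ("198.51.100.7", "192.0.2.10", 1, 2, 300)])
    flows = parse_v5(sample)
    for flow in flows:
        print(flow)
    print("missing input ifindexes:", missing_directions(flows, [2, 1]))
```

In live use, pass each UDP payload received on the collector port to parse_v5 and accumulate the flows before calling missing_directions.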
