Date:      Mon, 11 Jun 2012 17:38:49 -0500
From:      "Kolasinski, Brent D." <bkolasinski@anl.gov>
To:        "Alexander V. Chernikov" <melifaro@FreeBSD.org>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: Netgraph and Netflow-v9
Message-ID:  <CBFBDCB4.5EBC%bkolasinski@anl.gov>
In-Reply-To: <CBFBD72D.5EAC%bkolasinski@anl.gov>

It appears that it may be something with my current collector.  While
debugging today, I decided to attempt to run Silk locally on the FreeBSD
netflow box.

When exporting locally, it is reading the netflow-v9 records.  Yay!

Our collector is an older Linux box with a manually compiled current
version of Silk (not that it should matter which OS is running on the
collector) with the libfixbuf patch installed.  I wonder what is going on
there, alas, that is not your problem :)

Thanks for the help!

----------
Brent Kolasinski
Cyber Security Program Office
Argonne National Laboratory
Phone: 630-252-2546




On 6/11/12 5:16 PM, "Kolasinski, Brent D." <bkolasinski@anl.gov> wrote:

>
>On 6/11/12 12:36 PM, "Alexander V. Chernikov" <melifaro@FreeBSD.org>
>wrote:
>>
>>It seems so.
>>
>>Can you show "ngctl msg netflow: info" output ?
>
>Rec'd response "info" (805306369) from "[16]:":
>Args:	{ IPv4 bytes=4828162266587 IPv4 packets=1005674835 IPv4 records
>used=61793 fibs allocated=1 Active expiries=26901592 Inactive
>expiries=133410564 Inactive timeout=15 Active timeout=1800 }
>
>
>Now I am generating v5 netflow as well so I can compare - which I am
>seeing on the collector.  I can turn that off and just leave v9 on if that
>helps for debugging purposes.
>
>>
>> > 1) bce0 -> in promiscuous mode listening to traffic off of a tap
>>
>>Does bce0 have both UP and RUNNING flags set ?
>
>Yup.  Status is:
>
>bce0: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC>
>metric 0 mtu 1500
>	options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM
>,
>TSO4,VLAN_HWTSO,LINKSTATE>
>	ether 00:19:b9:**:**:**
>	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>	media: Ethernet autoselect (1000baseT <full-duplex>)
>	status: active
>
>
>--Brent
>



