Date: Thu, 5 May 2005 10:26:36 -0400 From: Brian McCann <bjmccann@gmail.com> To: freebsd-questions <freebsd-questions@freebsd.org> Subject: netgraph & netflow Message-ID: <2b5f066d050505072671fff21b@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi all. I'm trying to get ng_netflow to work, and I'm having a heck of a time doing so. So if anyone can shed some light on my problem, please do so. I've tried multiple configurations, and can't get it to work right. I can only get it to see traffic in one direction (for example, flows from other PCs to the server. Flows starting from the server started by something like fetch or ssh don't show up as sourcing from the server). Here is the config that I thought would do that, but it's not. mkpeer fxp1: tee lower right connect fxp1: fxp1:lower upper left mkpeer fxp1:lower netflow left2right iface0 name fxp1:lower.left2right fxp1_netflow msg fxp1_netflow: setifindex { iface=3D0 index=3D5 } mkpeer fxp1_netflow: ksocket export inet/dgram/udp msg fxp1_netflow:export connect inet/127.0.0.1:9800 Using this, when I run flowctl, it shows the source interface as ppp0 and sometimes sl0, which isn't even connected, and a dest interface of fxp1. If I switch all the "left2right"s with "right2left"s, I get only flows going to the server...so after reading how the tee in netgraph works, I assumed if I switched it, it would show the other direction. Any thoughts, suggestions? Thanks, --Brian --=20 _-=3D-_-=3D-_-=3D-_-=3D-_-=3D-_-=3D-_-=3D-_-=3D-_-=3D-_-=3D-_-=3D-_ Brian McCann Systems & Network Administrator, K12USA "I don't have to take this abuse from you -- I've got hundreds of people waiting to abuse me." -- Bill Murray, "Ghostbusters"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2b5f066d050505072671fff21b>