Date: Sat, 09 Jun 2012 14:01:46 +0400
From: "Alexander V. Chernikov" <melifaro@FreeBSD.org>
To: "Kolasinski, Brent D." <bkolasinski@anl.gov>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: Re: Netgraph and Netflow-v9
Message-ID: <4FD31F0A.5090306@FreeBSD.org>
In-Reply-To: <CBF7C504.5C4C%bkolasinski@anl.gov>
References: <CBF7C504.5C4C%bkolasinski@anl.gov>
On 09.06.2012 00:04, Kolasinski, Brent D. wrote:
> Hi All,
>
> I have been doing some tests with the FreeBSD ng_netflow module for
> netflow generation. I am trying to export v9 netflow records to another
> server running SiLK (which can receive v9 Netflow from our Cisco routers
> just fine).
>
> When exporting v9 records from our FreeBSD-9-RELEASE server, we are
> getting this error on our SiLK server (this repeats many times):
> "rwflowpack[23113]: fBufNext: No Templates Present for Domain 0x000a"
>
> Now I modified the settemplates variable in ngctl to send a template every
> 20 seconds, but we are still getting this.

It should disappear after 5-10 minutes. We're using several FreeBSD v9
sensors with flowd and it seems to run fine (except for the first 5 minutes
while waiting for the template).
I'm aware of the problem with the template timeout working incorrectly and
I plan to fix this soon.

>
> As a sanity check, I tried exporting v5 netflow data from this FreeBSD box
> to the Silk box, and it happily receives it and processes it. The Silk
> server is receiving the v9 netflow datagrams, as I can see it with a PCAP.
>
> Any ideas as to what I am doing wrong? Am I using the export9 hook
> correctly in the commands listed below? There is not much documentation
> covering export9 out there (besides the tiny blurb in the FreeBSD9 Release
> notes).
>
> Here is a detail of my setup:
> 2 ethernet cards:
> 1) bce0 -> in promiscuous mode listening to traffic off of a tap
> 2) bce1 -> nic to be exporting netflow / connected to our network
>
> Commands I am using to export v9 netflow records in ngctl:
>
> mkpeer bce0: netflow lower iface0
> name bce0:lower netflow
> connect bce0: netflow: upper out0
> mkpeer netflow: ksocket export9 inet/dgram/udp
> msg netflow:export9 connect inet/<IP ADDRESS>:<PORT>
>
>
> Thanks!!
>
> ----------
> Brent Kolasinski
> Cyber Security Program Office
> Argonne National Laboratory
> Phone: 630-252-2546
>
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

-- 
WBR, Alexander
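
Added example (not part of the original message, and not ng_netflow or SiLK code): a minimal NetFlow v9 datagram walker that can be run over UDP payloads taken from the PCAP to see whether template flowsets actually arrive for the source ID in the error (0x000a) before the data flowsets that need them. The function names, template ID 256 and sample bytes are constructed for illustration; the header and flowset layout follow RFC 3954.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unixSecs, sequence, sourceId
FLOWSET = struct.Struct("!HH")     # flowset id, length (length includes these 4 bytes)

def inspect_v9(payload, known):
    """Walk one NetFlow v9 datagram. `known` is a set of (source_id, template_id)
    pairs learned so far and is updated in place. Returns (source_id, events)."""
    if len(payload) < HEADER.size:
        raise ValueError("datagram shorter than a v9 header")
    version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(payload)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    events, off = [], HEADER.size
    while off + FLOWSET.size <= len(payload):
        fs_id, fs_len = FLOWSET.unpack_from(payload, off)
        if fs_len < FLOWSET.size or off + fs_len > len(payload):
            events.append(("malformed", fs_id))  # bad length: stop, never read past the buffer
            break
        body = payload[off + FLOWSET.size:off + fs_len]
        if fs_id == 0:  # template flowset: one or more template records
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                pos += 4 + 4 * nfields  # each field spec is (type, length), 2 bytes each
                if tid < 256 or pos > len(body):
                    break  # padding or truncated record
                known.add((source_id, tid))
                events.append(("template", tid))
        elif fs_id >= 256:  # data flowset: its id names the template that decodes it
            ok = (source_id, fs_id) in known
            events.append(("data" if ok else "data-no-template", fs_id))
        else:
            events.append(("other", fs_id))  # options templates (1) and reserved ids
        off += fs_len
    return source_id, events

def make_packet(source_id, *flowsets):
    """Build a constructed test datagram; timestamps and sequence are zeroed."""
    return HEADER.pack(9, len(flowsets), 0, 0, 0, source_id) + b"".join(flowsets)

# Constructed sample: template 256 with two fields (type 8 and type 12, 4 bytes each)
TEMPLATE = FLOWSET.pack(0, 16) + struct.pack("!6H", 256, 2, 8, 4, 12, 4)
DATA = FLOWSET.pack(256, 12) + bytes([10, 0, 0, 1, 10, 0, 0, 2])

if __name__ == "__main__":
    known = set()
    for pkt in (make_packet(0x000A, DATA), make_packet(0x000A, TEMPLATE, DATA)):
        print(inspect_v9(pkt, known))
```

A run of "data-no-template" events with no "template" event for the same source ID reproduces the condition the collector is reporting.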