Date: Fri, 8 Jun 2012 15:04:37 -0500
From: "Kolasinski, Brent D." <bkolasinski@anl.gov>
To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: Netgraph and Netflow-v9
Message-ID: <CBF7C504.5C4C%bkolasinski@anl.gov>

Hi All,

I have been doing some tests with the FreeBSD ng_netflow module for netflow generation. I am trying to export v9 netflow records to another server running SiLK (which can receive v9 Netflow from our Cisco routers just fine).

When exporting v9 records from our FreeBSD-9-RELEASE server, we are getting this error on our SiLK server (this repeats many times):

"rwflowpack[23113]: fBufNext: No Templates Present for Domain 0x000a"

Now I modified the settemplates variable in ngctl to send a template every 20 seconds, but we are still getting this. As a sanity check, I tried exporting v5 netflow data from this FreeBSD box to the Silk box, and it happily receives it and processes it. The Silk server is receiving the v9 netflow datagrams, as I can see it with a PCAP.

Any ideas as to what I am doing wrong? Am I using the export9 hook correctly in the commands listed below? There is not much documentation covering export9 out there (besides the tiny blurb in the FreeBSD9 Release notes).

Here is a detail of my setup:

2 ethernet cards:
1) bce0 -> in promiscuous mode listening to traffic off of a tap
2) bce1 -> nic to be exporting netflow / connected to our network

Commands I am using to export v9 netflow records in ngctl:

    mkpeer bce0: netflow lower iface0
    name bce0:lower netflow
    connect bce0: netflow: upper out0
    mkpeer netflow: ksocket export9 inet/dgram/udp
    msg netflow:export9 connect inet/<IP ADDRESS>:<PORT>

Thanks!!

----------
Brent Kolasinski
Cyber Security Program Office
Argonne National Laboratory
Phone: 630-252-2546
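One way to check a capture for the condition the collector message describes, added here as an example and not part of the original post or of ng_netflow or SiLK: walk each NetFlow v9 datagram (header and FlowSet layout per RFC 3954) and list data FlowSets whose template has not been seen under the same source ID. The packets are constructed, the source IDs 0x0a and 0x0b only mirror the domain in the error text, and extracting UDP payloads from the PCAP is assumed to be done beforehand.

```python
import struct

# NetFlow v9 header (RFC 3954): version, count, sysUptime, unix_secs, sequence, source_id
HEADER = struct.Struct("!HHIIII")

def audit_v9(payloads):
    """Return (templates, orphans). templates maps (source_id, template_id) to
    field count; orphans lists (source_id, flowset_id) for each data FlowSet
    that arrived with no template of that ID known for the same source ID."""
    templates, orphans = {}, []
    for data in payloads:
        if len(data) < HEADER.size:
            continue
        version, _cnt, _up, _secs, _seq, source_id = HEADER.unpack_from(data)
        if version != 9:
            continue
        off = HEADER.size
        while off + 4 <= len(data):
            fs_id, fs_len = struct.unpack_from("!HH", data, off)
            if fs_len < 4 or off + fs_len > len(data):
                break                      # malformed or truncated FlowSet
            body = data[off + 4:off + fs_len]
            if fs_id == 0:                 # template FlowSet
                pos = 0
                while pos + 4 <= len(body):
                    tid, nfields = struct.unpack_from("!HH", body, pos)
                    if tid < 256 or pos + 4 + 4 * nfields > len(body):
                        break              # padding or truncated record
                    templates[(source_id, tid)] = nfields
                    pos += 4 + 4 * nfields
            elif fs_id >= 256 and (source_id, fs_id) not in templates:
                orphans.append((source_id, fs_id))
            off += fs_len
    return templates, orphans

def _flowset(fs_id, body):
    return struct.pack("!HH", fs_id, len(body) + 4) + body

def _pkt(source_id, *flowsets):
    return HEADER.pack(9, len(flowsets), 0, 0, 0, source_id) + b"".join(flowsets)

# Constructed sample: template 256 = IPV4_SRC_ADDR (8) + IPV4_DST_ADDR (12), 4 bytes each
TEMPLATE = _flowset(0, struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4))
RECORD = _flowset(256, bytes(8))
SAMPLE = [
    _pkt(0x0A, RECORD),    # data with no template yet for source 0x0a
    _pkt(0x0B, TEMPLATE),  # template announced under a different source ID
    _pkt(0x0A, RECORD),    # still undecodable for 0x0a
    _pkt(0x0B, RECORD),    # decodable: template known for 0x0b
]

if __name__ == "__main__":
    print(audit_v9(SAMPLE))
```

An empty `templates` result on a real capture means no template FlowSets reached the collector at all; a non-empty one with orphans points at a source ID or template ID mismatch between templates and data.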