netgraph & netflow

From: Brian McCann (bjmccann_at_gmail.com)
Date: 05/05/05

    Date: Thu, 5 May 2005 10:26:36 -0400
    To: freebsd-questions <freebsd-questions@freebsd.org>
    
    

    Hi all. I'm trying to get ng_netflow to work, and I'm having a heck
    of a time doing so. So if anyone can shed some light on my problem,
    please do so. I've tried multiple configurations, and can't get it to
    work right. I can only get it to see traffic in one direction (for
    example, flows from other PCs to the server. Flows starting from the
    server started by something like fetch or ssh don't show up as
    sourcing from the server). Here is the config that I thought would do
    that, but it's not.

    mkpeer fxp1: tee lower right
    connect fxp1: fxp1:lower upper left
    mkpeer fxp1:lower netflow left2right iface0
    name fxp1:lower.left2right fxp1_netflow
    msg fxp1_netflow: setifindex { iface=0 index=5 }
    mkpeer fxp1_netflow: ksocket export inet/dgram/udp
    msg fxp1_netflow:export connect inet/127.0.0.1:9800

    Using this, when I run flowctl, it shows the source interface as ppp0
    and sometimes sl0, which isn't even connected, and a dest interface of
    fxp1. If I switch all the "left2right"s with "right2left"s, I get
    only flows going to the server...so after reading how the tee in
    netgraph works, I assumed if I switched it, it would show the other
    direction.

    Any thoughts, suggestions?
    Thanks,
    --Brian

    -- 
    _-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_
    Brian McCann
    Systems & Network Administrator, K12USA
    "I don't have to take this abuse from you -- I've got hundreds of
    people waiting to abuse me."
                    -- Bill Murray, "Ghostbusters"
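An added example, not part of the original post: ng_netflow exports NetFlow version 5 datagrams, so one way to check which directions are actually being accounted is to decode the export stream and tally flows by direction relative to the server address, together with the input and output interface indexes each record carries. The server address 192.0.2.1, the peer addresses and the sample datagram are constructed for illustration.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes

def parse_v5(datagram):
    """Return a list of flow dicts from one NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "in_if": f[3], "out_if": f[4], "octets": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[13]})
    return flows

def direction_summary(flows, server_ip):
    """Count flows by (direction relative to server_ip, input ifindex, output ifindex)."""
    seen = Counter()
    for fl in flows:
        if fl["src"] == server_ip:
            direction = "from_server"
        elif fl["dst"] == server_ip:
            direction = "to_server"
        else:
            direction = "transit"
        seen[(direction, fl["in_if"], fl["out_if"])] += 1
    return seen

def _record(src, dst, in_if, out_if, sport, dport):
    # Constructed sample record: 10 packets, 1200 octets, TCP (protocol 6).
    return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                       in_if, out_if, 10, 1200, 0, 0, sport, dport,
                       0, 0x18, 6, 0, 0, 0, 0, 0, 0)

# Constructed datagram: one flow towards the server and one flow from it.
SAMPLE = (HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0)
          + _record("192.0.2.10", "192.0.2.1", 5, 0, 40000, 22)
          + _record("192.0.2.1", "198.51.100.7", 0, 5, 50000, 80))

if __name__ == "__main__":
    for key, n in sorted(direction_summary(parse_v5(SAMPLE), "192.0.2.1").items()):
        print(key, n)
```

For a live check, each datagram received on the collector address used in the post (UDP 127.0.0.1:9800) can be passed to `parse_v5`; a summary with no `from_server` entries confirms that only one direction is reaching the netflow node.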
    
