NetFlow v5 (from pfSense) -> NxFilter (latest)


Matthew Marlowe

Oct 27, 2014, 1:13:24 PM
to nxfil...@googlegroups.com
NetFlow data going out, but nothing recorded.  I set level DEBUG and option 2 in cfg.properties for log_level, but I see no useful data...

recv_flow = 167, 500, etc... but flow_cnt always 0

Jinhee

Oct 27, 2014, 10:27:34 PM
to nxfil...@googlegroups.com
Nothing changed on that part. Works very well on my testing environment which is the same as always.

   INFO ({Thread-14} LogWriter.java[run]:515) [2014-10-29 11:25:00] - Still writing, log_cnt = 19, signal_cnt = 1, flow_cnt = 9, recv_flow = 7152.

Did you enable debug_flag?

  debug_flag = 1
  debug_level = 2

Matthew Marlowe

Oct 28, 2014, 11:30:41 AM
to nxfil...@googlegroups.com
Well,  now it's logging - I don't see the issue?

192.168.102.209, DstAddr: 17.172.208.13, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 19, DOctets: 2748, First: 80414757, Last: 80415184, SrcPort: 51322, DstPort: 443, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 17.172.208.13, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 14, DOctets: 1133, First: 80414913, Last: 80415133, SrcPort: 443, DstPort: 51323, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 17.172.208.13, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 16, DOctets: 2381, First: 80414913, Last: 80415133, SrcPort: 51323, DstPort: 443, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 17.172.208.13, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 14, DOctets: 1133, First: 80415051, Last: 80415244, SrcPort: 443, DstPort: 51324, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 17.172.208.13, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 16, DOctets: 2376, First: 80415051, Last: 80415244, SrcPort: 51324, DstPort: 443, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.10.50, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 1, DOctets: 103, First: 80415223, Last: 80415254, SrcPort: 53, DstPort: 51207, TcpFlags: 0, Prot: 17, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 192.168.10.50, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 1, DOctets: 55, First: 80415223, Last: 80415254, SrcPort: 51207, DstPort: 53, TcpFlags: 0, Prot: 17, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.10.50, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 1, DOctets: 163, First: 80415224, Last: 80415285, SrcPort: 53, DstPort: 55830, TcpFlags: 0, Prot: 17, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 192.168.10.50, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 1, DOctets: 76, First: 80415224, Last: 80415285, SrcPort: 55830, DstPort: 53, TcpFlags: 0, Prot: 17, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.10.50, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 1, DOctets: 152, First: 80415225, Last: 80415260, SrcPort: 53, DstPort: 56070, TcpFlags: 0, Prot: 17, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 192.168.10.50, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 1, DOctets: 63, First: 80415225, Last: 80415260, SrcPort: 56070, DstPort: 53, TcpFlags: 0, Prot: 17, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.10.50, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 1, DOctets: 189, First: 80415227, Last: 80415260, SrcPort: 53, DstPort: 53111, TcpFlags: 0, Prot: 17, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 192.168.10.50, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 1, DOctets: 59, First: 80415227, Last: 80415260, SrcPort: 53111, DstPort: 53, TcpFlags: 0, Prot: 17, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 17.172.208.13, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 14, DOctets: 1133, First: 80415252, Last: 80415433, SrcPort: 443, DstPort: 51325, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 17.172.208.13, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 16, DOctets: 2423, First: 80415252, Last: 80415433, SrcPort: 51325, DstPort: 443, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 17.172.208.13, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 13, DOctets: 1091, First: 80415457, Last: 80415752, SrcPort: 443, DstPort: 51326, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 17.172.208.13, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 16, DOctets: 2417, First: 80415457, Last: 80415752, SrcPort: 51326, DstPort: 443, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 17.172.208.13, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 14, DOctets: 1133, First: 80415567, Last: 80415752, SrcPort: 443, DstPort: 51327, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 17.172.208.13, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 16, DOctets: 2483, First: 80415567, Last: 80415752, SrcPort: 51327, DstPort: 443, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 17.172.208.13, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 14, DOctets: 1134, First: 80415634, Last: 80415794, SrcPort: 443, DstPort: 51328, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 17.172.208.13, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 16, DOctets: 2425, First: 80415634, Last: 80415794, SrcPort: 51328, DstPort: 443, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 54.84.152.54, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 2, DOctets: 104, First: 77126484, Last: 77126484, SrcPort: 51054, DstPort: 80, TcpFlags: 16, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 69.31.17.179, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 2, DOctets: 104, First: 77126488, Last: 77126489, SrcPort: 51053, DstPort: 80, TcpFlags: 16, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 69.31.17.179, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 2, DOctets: 104, First: 77126489, Last: 77126489, SrcPort: 51047, DstPort: 80, TcpFlags: 16, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
 INFO [10-28 11:29:00] - Still writing, log_cnt = 6, signal_cnt = 0, flow_cnt = 0, recv_flow = 31.

Why isn't it processing these?

Matthew Marlowe

Oct 28, 2014, 12:12:53 PM
to nxfil...@googlegroups.com
OK - You can ignore this post as an issue.  It wasn't recording the netflow records because Auth was turned off.  I turned auth on, and added some client IPs to a user, and it's working.

So it means that Netflow is only recording for users.

Here is my request - I'd like to leave auth off for this network, or track by IP essentially.  Now, I can turn auth on and create a user and add every IP possible to a user, but that's a lot of work on my end.  Can Netflow be set to record by IP with auth off?

The purpose here is to track by IP, not requiring auth, but to prevent a specific IP, or any specific IP, from using too much bandwidth. And then, of course, to be able to set some users (by adding that IP to a user, and specifying that specific user has unlimited bandwidth, for servers, or specific users...)

Jinhee

Oct 28, 2014, 8:01:17 PM
to nxfil...@googlegroups.com
I guess it will be recorded with one username but with many IP addresses.

Matthew Marlowe

Oct 28, 2014, 8:38:10 PM
to nxfil...@googlegroups.com
Right, exactly that's how it is. I'd like to record bandwidth on a per IP basis. Can that be done..?

Matt

On Oct 28, 2014, at 8:01 PM, Jinhee <nxfil...@gmail.com> wrote:

I guess it will be recorded with one username but with many IP addresses.


Jinhee

Oct 28, 2014, 8:52:33 PM
to nxfil...@googlegroups.com
Not possible. Applying policy is only possible when there's a username.
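
Added example (not part of the thread and not NxFilter code): per-IP byte accounting of the kind requested above, computed outside NxFilter from flow records in the DEBUG line format shown earlier. The 192.168.0.0/16 local network, the function names and the quota value are assumptions, and the sample lines are constructed in the thread's format.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the monitored LAN; the clients in the thread sit in 192.168.0.0/16.
LOCAL_NET = ip_network("192.168.0.0/16")
FIELD_RE = re.compile(r"(\w+): ([\d.]+)")

# Constructed sample in the DEBUG record format from the thread, plus one INFO line.
SAMPLE_LOG = """\
DEBUG [10-28 11:28:59] - SrcAddr: 17.172.208.13, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 14, DOctets: 1133, First: 80414913, Last: 80415133, SrcPort: 443, DstPort: 51323, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 17.172.208.13, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 16, DOctets: 2381, First: 80414913, Last: 80415133, SrcPort: 51323, DstPort: 443, TcpFlags: 27, Prot: 6, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.10.50, DstAddr: 192.168.102.209, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 1, DOctets: 103, First: 80415223, Last: 80415254, SrcPort: 53, DstPort: 51207, TcpFlags: 0, Prot: 17, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
DEBUG [10-28 11:28:59] - SrcAddr: 192.168.102.209, DstAddr: 192.168.10.50, NextHop: 0.0.0.0, InputIf: 0, OutputIf: 0, DPkts: 1, DOctets: 55, First: 80415223, Last: 80415254, SrcPort: 51207, DstPort: 53, TcpFlags: 0, Prot: 17, TOS: 0, SrcAS: 0, DstAS: 0, SrcMask: 0, DstMask: 0
 INFO [10-28 11:29:00] - Still writing, log_cnt = 6, signal_cnt = 0, flow_cnt = 0, recv_flow = 31.
"""

def parse_flow(line):
    """Return one flow record as a dict of strings, or None for any other line."""
    if "SrcAddr:" not in line:  # INFO lines and records cut off at the start
        return None
    return dict(FIELD_RE.findall(line))

def per_ip_usage(log_text, local_net=LOCAL_NET):
    """Sum DOctets per local address, split into bytes sent and bytes received."""
    usage = defaultdict(lambda: {"sent": 0, "received": 0})
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        octets = int(flow["DOctets"])
        if ip_address(flow["SrcAddr"]) in local_net:
            usage[flow["SrcAddr"]]["sent"] += octets
        if ip_address(flow["DstAddr"]) in local_net:
            usage[flow["DstAddr"]]["received"] += octets
    return dict(usage)

def over_quota(usage, limit_bytes):
    """List local addresses whose sent + received bytes exceed limit_bytes."""
    return sorted(ip for ip, u in usage.items()
                  if u["sent"] + u["received"] > limit_bytes)

if __name__ == "__main__":
    totals = per_ip_usage(SAMPLE_LOG)
    for ip, u in sorted(totals.items()):
        print(ip, u)
    print("over 3000 bytes:", over_quota(totals, 3000))
```

A flow between two local hosts is counted once for each side, so totals across hosts can exceed the bytes that crossed the firewall.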
