Converting network traffic to netflow using fprobe

This support forum board is for support questions relating to Nagios Network Analyzer, our network traffic and bandwidth analysis solution.
itperf
Posts: 3
Joined: Thu Feb 28, 2019 1:20 pm

Converting network traffic to netflow using fprobe

Post by itperf »

Hello,
Using NNA 2.4.0 :

We have a CISCO 3750, which doesn't support Netflow, and we want to monitor it through NNA.
On the CISCO 3750 we configured a spanning port (which we'll name "spanX" for the rest of this discussion) taking a copy of a single port.
If we connect the "spanX" port to a Windows machine and use Wireshark, we're able to see the captured traffic : it works fine.

We installed a CentOS Linux server with 2 network cards : one connected to the LAN (eth1) and a second to "spanX" (eth2).
We disabled SELinux on this server and installed fprobe on it, following the instructions you provide in your documentation and taking care of the authorization file.
We ran fprobe as follows : fprobe -i eth2 <NNA_IP>:9915
Nothing happens and we can't find the process running when we execute : ps -ef | grep fprobe

Final result : we're not able to convert the traffic coming from "spanX" into Netflow to use it with NNA.

Any suggestion please ?

Thanks & regards
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: Converting network traffic to netflow using fprobe

Post by tgriep »

fprobe should log to the /var/log/messages file. Try starting it again and check the messages file for any errors to see why it is not running.
Be sure to check out our Knowledgebase for helpful articles and solutions!
itperf
Posts: 3
Joined: Thu Feb 28, 2019 1:20 pm

Re: Converting network traffic to netflow using fprobe

Post by itperf »

Hello

I found the problem : it was on the command.
I had to put em2 instead of eth2.

Everything works fine with this configuration.

Thanks & regards
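
The two checks from this thread (a wrong interface name such as eth2 where the host calls the NIC em2, and looking in /var/log/messages when the process is missing) can be combined into a pre-flight wrapper. This is an added example, not part of the original posts or of Nagios documentation; the function names and the SYSFS_NET override are hypothetical, and <NNA_IP> remains a placeholder.

```shell
#!/usr/bin/env bash
# Pre-flight check before launching fprobe on a SPAN-facing interface.
# SYSFS_NET can be overridden to run the checks against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

list_ifaces() {
    # Print interface names known to the kernel, one per line (loopback excluded).
    for d in "$SYSFS_NET"/*; do
        [ -d "$d" ] || continue
        n=${d##*/}
        [ "$n" = "lo" ] || printf '%s\n' "$n"
    done
}

check_iface() {
    # Return 0 if usable, 1 if the name does not exist, 2 if the link is not up.
    iface=$1
    if [ ! -d "$SYSFS_NET/$iface" ]; then
        echo "interface '$iface' not found; available: $(list_ifaces | tr '\n' ' ')" >&2
        return 1
    fi
    state=$(cat "$SYSFS_NET/$iface/operstate" 2>/dev/null || echo unknown)
    if [ "$state" != "up" ] && [ "$state" != "unknown" ]; then
        echo "interface '$iface' exists but operstate is '$state'" >&2
        return 2
    fi
    return 0
}

start_fprobe() {
    # Usage: start_fprobe em2 <NNA_IP>:9915
    check_iface "$1" || return $?
    fprobe -i "$1" "$2" || return 3
    sleep 1
    # fprobe daemonizes; if it is gone a second later, show why from syslog.
    if ! pgrep -x fprobe >/dev/null; then
        echo "fprobe is not running; recent log lines:" >&2
        grep fprobe /var/log/messages | tail -n 5 >&2
        return 4
    fi
}
```

Source the file and call start_fprobe with the interface and collector address; a non-zero return code identifies which check failed.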
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: Converting network traffic to netflow using fprobe

Post by benjaminsmith »

Hi @itperf

itperf wrote:
> I found the problem : it was on the command.
> I had to put em2 instead of eth2.
> Everything works fine with this configuration.
> Thanks & regards

Appreciate the follow up. We'll mark this as closed.

If you have any other issues, please open a new thread. Thank you for using the Nagios Support Forum.