I am working with Netflow v9 on Cisco switches and NNA.
Is it possible to run a query to get the following info for a flow?
- source MAC, destination MAC
- input interface of switch, output interface of switch
info Netflow v9 and NNA
Re: info Netflow v9 and NNA
I see this example:
flow record MAC_RECORD
 match datalink mac source address input
 match datalink mac destination address input
 match ipv4 protocol
 match ipv4 source address
 match ipv4 source mask
 match ipv4 destination address
 match ipv4 destination mask
 match transport source-port
 match transport destination-port
 match interface input
 match interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
Re: info Netflow v9 and NNA
So... maybe NNA does not work with these fields (MAC and interface), but if you use nfdump commands you can extract this information.
Is that true?
Re: info Netflow v9 and NNA
If you can get the Cisco Switch to send the information to the NNA server, the nfcapd daemons should capture the information.
Then, to get a RAW, CSV output of the data, you could run this command on one of the nfcapd files.
Code: Select all
nfdump -r nfcapd.202002101005 -o raw -o csv
For more options, see these links.
http://manpages.ubuntu.com/manpages/xen ... ump.1.html
http://nfdump.sourceforge.net/
https://blog.programster.org/nfdump-cheatsheet
Be sure to check out our Knowledgebase for helpful articles and solutions!
Netflow and recollect MAC address
I have configured a Cisco switch to send Netflow with the MAC address field.
I have checked that the switch sends flows with MAC.
Is it possible to store the MAC address in the flows of NNA / nfcapd?
Re: info Netflow v9 and NNA
I do not have access to a Cisco Device to test your configuration example.
I suggest adding those options to the Cisco test device and sending the data to the NNA server, then running the nfdump command with the raw option to see if the data is there.
From what I read, as long as the flow data is correct and has the data, you should be able to dump it with the -raw option.
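Added example (not part of the original posts, and not Nagios or nfdump code): one way to carry out the "see if the data is there" check on the CSV export described in the replies above, by pulling the MAC and interface columns out of the text and listing flows where none of them were stored. The column names (`in`, `out`, `ismc`, `odmc`, `idmc`, `osmc`), the all-zero MAC for an unset field, and the trailing summary block are assumptions based on nfdump 1.6.x CSV output; the sample rows are constructed.

```python
import csv
import io

# Column names assumed from the header row of nfdump 1.6.x "-o csv" output:
# in/out = interface indexes, ismc/odmc/idmc/osmc = MAC address fields.
MAC_COLS = ("ismc", "odmc", "idmc", "osmc")
IF_COLS = ("in", "out")
EMPTY_MAC = "00:00:00:00:00:00"  # assumed rendering of a MAC that was not stored

# Constructed sample, trimmed to the columns used here (real exports have more).
SAMPLE_CSV = """\
ts,sa,da,sp,dp,pr,in,out,ismc,odmc,idmc,osmc
2020-02-10 10:05:01,192.0.2.10,198.51.100.7,51512,443,TCP,3,7,00:11:22:33:44:55,00:00:00:00:00:00,66:77:88:99:aa:bb,00:00:00:00:00:00
2020-02-10 10:05:02,192.0.2.11,198.51.100.7,51513,53,UDP,0,0,00:00:00:00:00:00,00:00:00:00:00:00,00:00:00:00:00:00,00:00:00:00:00:00
Summary
flows,bytes,packets,avg_bps,avg_pps,avg_bpp
2,1200,10,96,1,120
"""


def l2_fields(csv_text):
    """Return one dict per flow with interface indexes and populated MACs."""
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader)
    missing = [c for c in MAC_COLS + IF_COLS if c not in header]
    if missing:
        raise ValueError(f"columns missing from export: {missing}")
    flows = []
    for row in reader:
        if len(row) != len(header):  # start of the trailing summary block
            break
        rec = dict(zip(header, row))
        flows.append({
            "src": rec["sa"], "dst": rec["da"],
            "in_if": int(rec["in"]), "out_if": int(rec["out"]),
            "macs": {c: rec[c] for c in MAC_COLS if rec[c] != EMPTY_MAC},
        })
    return flows


def flows_without_l2(flows):
    """Flows where neither MAC addresses nor interface indexes are present."""
    return [f for f in flows
            if not f["macs"] and f["in_if"] == 0 and f["out_if"] == 0]


if __name__ == "__main__":
    for flow in l2_fields(SAMPLE_CSV):
        print(flow)
```

If every flow from the switch lands in `flows_without_l2`, the fields are being dropped somewhere between the exporter and the stored nfcapd file rather than in the report layer.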