[netflow-tools] issues with flowd and CISCO ASA
Jonathan Fontaine
jfontaine420 at gmail.com
Wed Mar 21 07:24:16 EST 2012
Hi,
I have posted an issue on the google code page but it seems this mailing
list is still used.
So here is the issue I posted :
______________________________________________________________________________________________________________
Hi,
Collecting netflow v9 data from a CISCO ASA 5505 with flowd
When I take a look at the collected data, all values are set to 0 for the
"octects" and "packets" fields.
I know a patch has been issued to resolved this issue so I successfully
applied the first patch (asa_patch.diff).
I had trouble applying the second patch (asa_patch_2.diff). I get the
following output when trying to patch the netflow.h file :
Hunk #1 FAILED at 162.
1 out of 1 hunk FAILED -- saving rejects to file
This is the content of netflow.h.rej :
--- netflow.h Sun Oct 31 16:36:52 2010 +0000
+++ netflow.h Wed Aug 31 09:09:01 2011 -0400
@@ -162,7 +162,10 @@
#define NF9_ENGINE_ID 39
/* ... */
#define NF9_IPV6_NEXT_HOP 62
-
+/* ... */
+//Cisco ASA Netflow
+#define NF9_ASA_NF_F_FLOW_BYTES 85
+/* ... */
+#define NF9_ASA_NF_F_FW_EVENT 40005
#endif /* _NETFLOW_H */
-
I am using flowd 0.9.1 on CentOS 6.2
Thanks for the great collector by the way
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mindrot.org/pipermail/netflow-tools/attachments/20120320/d9fcd2ef/attachment-0001.html>
More information about the netflow-tools
mailing list