From netramet-owner  Tue Feb  6 22:42:59 2001
Received: (from majordom@localhost)
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id WAA23465
       for netramet-outgoing; Tue, 6 Feb 2001 22:39:35 +1300 (NZDT)
Received: from mail.accuris.ie (mail.accuris.ie [195.7.42.139])
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id WAA23458
       for <[email protected]>; Tue, 6 Feb 2001 22:39:32 +1300 (NZDT)
Received: from dublin.accuris.ie (unverified) by mail.accuris.ie
(Content Technologies SMTPRS 4.1.5) with ESMTP id <[email protected]> for <[email protected]>;
Tue, 6 Feb 2001 09:39:47 +0000
Received: by dublin.accuris.ie with Internet Mail Service (5.5.2650.21)
       id <C0W07PNV>; Tue, 6 Feb 2001 09:33:41 -0000
Message-ID: <[email protected]>
From: "Wang, Hai" <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: Running NeTraMet for PC
Date: Tue, 6 Feb 2001 09:33:30 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
       charset="iso-8859-1"
Sender: [email protected]
Precedence: bulk

Hello everybody,
      I tried to run NeTraMet on a PC running WinNT 4.0. I followed the
instructions in the readme, but I couldn't proceed because I couldn't get
several of the procedures written in the Readme file done:

 Step 4

  Edit the pd.bat file so that it is correct for the ethernet
  card(s) you are using.  The DRIVERS directory contains packet
  drivers for NE2000, SMC_WD and 3C509 cards; these have been
  modified so as to support NeTraMet's 'high-performance packet
  driver' option.  If you are using any other kind of ethernet
  card you'll have to copy a packet driver for it into this
  directory.

Questions:
I am using a 3c900-combo Ethernet card. I don't know how to edit pad.bat to
reflect the card because I don't know the meaning of the parameters
following "\drivers\3c900-combo".

Step 5 :

I am using 32-bit NeTraMet, but I couldn't find the file "EMM386.EXE" in
my PC's WINDOWS.

If any of you has some ideas on how to solve the problem, please reply to
me. I would appreciate it.

Thank you in advance!

Hai Wang

PS: I am wondering whether there are any other implementations besides
NeTraMet?


Accuris Limited,
East Point Business Park,    Direct: +353 1 8875582
Dublin 3,                                Fax   : +353 1 8875100
Ireland


From netramet-owner  Fri Feb 16 03:42:29 2001
Received: (from majordom@localhost)
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id DAA24146
       for netramet-outgoing; Fri, 16 Feb 2001 03:39:19 +1300 (NZDT)
Received: from ratel.ru (IDENT:[email protected] [212.30.151.90])
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with SMTP id DAA24140
       for <[email protected]>; Fri, 16 Feb 2001 03:39:15 +1300 (NZDT)
From: [email protected]
Received: (qmail 7432 invoked by uid 71); 15 Feb 2001 14:39:19 -0000
Received: from unknown (HELO 212.30.151.51) (212.30.151.51)
 by jumbo.ccs.ru with SMTP; 15 Feb 2001 14:39:19 -0000
Date: Thu, 15 Feb 2001 17:39:13 +0300
X-Mailer: The Bat! (v1.44)
Reply-To: [email protected]
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: [email protected]
Subject: where are mistake?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

       Hello everyone. After a successful install and full configuration, I
began testing NeTraMet on a real network, and it shows a strange thing.
The traffic obtained from NeMaC is bigger than that obtained from IP accounting.
(I know that theoretically it can be smaller, but in practice I get other
results.) I tried different configurations, but it has no effect.

My situation:

  NetFlowMet is always running. It is started with "NetFlowMet -w write -f
100000 -b 20000 -t 40000 -v 3000 -e 600 -D" from the command line, and
starts successfully in daemon mode.

        NeMaC is always running, started with "NeMaC -F today.flw -g 3600
-L today.log -b mib.txt -r cur.rules -c60 x.x.x.x write -D", where
cur.rules is a simple rule set that collects all traffic from the router and
dumps it to the flow file, and x.x.x.x is the address of the collector
(NetFlowMet and NeMaC are running on the same x86 machine under fBSD 4.1).

   Every day at 23:59 a shell script starts, which moves the flow data file to
the history directory and sets NeMaC.flag in the work directory. After
some interval NeMaC creates a new flow file and closes the previous one.
After that, the script starts the fd_filter utility with the following
options: "fd_filter format.file flow_data_file > results.flw" (I do not use
the trailer, but it does not have an essential influence). format.file is
the following:

------format.file

SourcePeerAddress DestPeerAddress SourceASN DestASN ToOctets
FromOctets d_ToOctets d_FromOctets ToPDUs FromPDUs d_ToPDUs d_FromPDUs

-------

Then, to calculate the results, I simply extract the d_ToOctets and
d_FromOctets columns for the selected host and sum them (I correct the
calculation if the host I am interested in moves from source to
destination, of course).

  Is there anything incorrect in the below work? Where is my mistake?

--  Best regards,  Vlad F Kropachew mailto:[email protected]



From netramet-owner  Fri Feb 16 20:14:05 2001
Received: (from majordom@localhost)
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id UAA20384
       for netramet-outgoing; Fri, 16 Feb 2001 20:10:30 +1300 (NZDT)
Received: from smtp3.alkar.net (saraksh.alkar.net [195.248.191.65])
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id UAA20378
       for <[email protected]>; Fri, 16 Feb 2001 20:10:25 +1300 (NZDT)
Received: from orphanage.alkar.net (orphanage.alkar.net [212.86.226.11])
       by smtp3.alkar.net with ESMTP id f1G7AK267610
       for <[email protected]>; Fri, 16 Feb 2001 09:10:20 +0200 (EET)
Received: from mwg by orphanage.alkar.net with local (Exim 3.22 #1 (Debian))
       id 14Tf24-0000Ka-00
       for <[email protected]>; Fri, 16 Feb 2001 09:10:20 +0200
Date: Fri, 16 Feb 2001 09:10:19 +0200
To: [email protected]
Subject: NetFlowMet, increasing MXINTERFACES
Message-ID: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
User-Agent: Mutt/1.3.12i
From: Wladimir Mutel <[email protected]>
Sender: [email protected]
Precedence: bulk

       Hello,

       I use NetFlowMet to collect NetFlow statistics from several Cisco
       routers. I configure each Cisco to send NetFlow udp packets to
       different udp ports of NetFlowMet host. On this host I run NetFlowMet
       this way :

/NetFlowMet -D -i 8485 -i 8486 -i 8487 -w commm -f 100000 -u 20000 -b 5000 -t 20000 -v 1000 -e 200

       And I use the following .srl-file to load in the meter :

IF SourcePeerType == IP SAVE ;
ELSE IGNORE;  # Not IP

SAVE SourceInterface;
SAVE DestInterface;
SAVE SourcePeerAddress;
SAVE SourceTransAddress;
SAVE DestPeerAddress;
SAVE DestTransAddress;
SAVE SourceTransType;
SAVE SourceASN;
SAVE DestASN;
SAVE MeterId;

COUNT;

SET 5;
FORMAT SourceASN "-" DestASN SourcePeerAddress  ":" SourceTransAddress " "
       DestPeerAddress ":" DestTransAddress " " ToOctets ToPDUs " proto "
       SourceTransType SourceInterface "->" DestInterface MeterId;
STATISTICS;

       So I can distinguish different routers by their MeterIds. But I found
       out that the maximum number of udp ports and MeterIds in one running
       NetFlowMet is 4. I tried to redefine MXINTERFACES in meter_ux.c from 4
       to 8, but it did not seem to help much.

       Should I maybe check any more sources and definitions ?
       Thanks in advance for any help from somebody who managed to do what I
       want.

From netramet-owner  Sat Feb 24 09:25:47 2001
Received: (from majordom@localhost)
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id JAA10264
       for netramet-outgoing; Sat, 24 Feb 2001 09:18:12 +1300 (NZDT)
Received: from nmta.cc.sunysb.edu (nmta.cc.sunysb.edu [129.49.2.77])
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id JAA10256
       for <[email protected]>; Sat, 24 Feb 2001 09:18:11 +1300 (NZDT)
From: [email protected]
Subject: NetFlowMet
To: [email protected]
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: <[email protected]>
Date: Fri, 23 Feb 2001 15:17:47 -0500
X-MIMETrack: Serialize by Router on nmta.cc.sunysb.edu/DoIT(Release 5.0.5 |September 22, 2000) at
02/23/2001 03:17:51 PM
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: quoted-printable
Sender: [email protected]
Precedence: bulk

I just installed NeTraMet and I'm trying to see the data off of our Cis=
co
routers.  I'm looking at UDP port 6000.  When I run NetFlowMet -i 6000,=

this is what I see:

1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE
1607:10  `=AE

Any suggestions?

Thanks,
Matthew Engel
Senior Programmer
State University of New York at Stony Brook
[email protected]



From netramet-owner  Sat Feb 24 11:03:14 2001
Received: (from majordom@localhost)
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id LAA16144
       for netramet-outgoing; Sat, 24 Feb 2001 11:00:37 +1300 (NZDT)
Received: from nmta.cc.sunysb.edu (nmta.cc.sunysb.edu [129.49.2.77])
       by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id LAA16139
       for <[email protected]>; Sat, 24 Feb 2001 11:00:35 +1300 (NZDT)
From: [email protected]
Subject: Re: NetFlowMet
To: [email protected]
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000
Message-ID: <[email protected]>
Date: Fri, 23 Feb 2001 17:00:11 -0500
X-MIMETrack: Serialize by Router on nmta.cc.sunysb.edu/DoIT(Release 5.0.5 |September 22, 2000) at
02/23/2001 05:00:15 PM
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: quoted-printable
Sender: [email protected]
Precedence: bulk

To answer my own question, I've found that my router is giving NetFlow 6
data.  There is a problem with meter_ux.c line 305. It should read as
follows:

     log_msg(LOG_ERR, 0,
        "nf_read(%s): NF version %d ???", pi->name, nf_version);

Now, the next question: has a fix been made for NetFlow 6?

Thanks,
Matthew Engel
Senior Programmer
State University of New York at Stony Brook
[email protected]
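
The version check discussed in the message above, as an added example (not NeTraMet code and not part of the original post): a collector reads the 16-bit version at the start of each export datagram, validates the length first, and formats its diagnostic with one argument per conversion. The function name `nf_check_header`, the interface name `nf0`, the supported-version list and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum nf_status { NF_OK = 0, NF_TOO_SHORT = -1, NF_UNSUPPORTED = -2 };

/* Constructed sample datagram prefixes (not captured traffic). */
static const uint8_t sample_v5[] = { 0x00, 0x05, 0x00, 0x1e };
static const uint8_t sample_v6[] = { 0x00, 0x06, 0x00, 0x02 };
static const uint16_t sample_supported[] = { 1, 5 };  /* assumed list */

/* Big-endian 16-bit read, byte-wise so alignment does not matter. */
static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

/* A NetFlow export datagram starts with a 16-bit version and a 16-bit
 * record count, both in network byte order. Data from the network is
 * untrusted, so the length is checked before either field is read. On
 * failure a diagnostic is written to msg; each conversion in the format
 * string has exactly one argument of the matching type. */
int nf_check_header(const char *name, const uint8_t *buf, size_t len,
                    const uint16_t *supported, size_t n_supported,
                    uint16_t *count, char *msg, size_t msg_len)
{
    size_t i;
    uint16_t version;

    if (msg_len) msg[0] = '\0';
    if (len < 4) {
        snprintf(msg, msg_len, "nf_read(%s): short datagram, %zu bytes",
                 name, len);
        return NF_TOO_SHORT;
    }
    version = be16(buf);
    for (i = 0; i < n_supported; i++) {
        if (supported[i] == version) {
            *count = be16(buf + 2);
            return NF_OK;
        }
    }
    /* Same message text as the corrected line quoted above. */
    snprintf(msg, msg_len, "nf_read(%s): NF version %d ???", name, (int)version);
    return NF_UNSUPPORTED;
}

int main(void)
{
    char msg[64]; uint16_t n = 0;
    nf_check_header("nf0", sample_v6, sizeof sample_v6, sample_supported, 2, &n, msg, sizeof msg);
    puts(msg);
    return 0;
}
```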


