I had already got nprobe working as a netflow packet translator and Orion netflow
module was able to see the packets and it was all working fine.
Now the product is going into the live environment the nprobe command
doesn't seem to manipulate the netflow sender's index numbers to allow
the orion module to see the traffic as coming from a valid monitored interface.
It always says that the module is receiving netflow packets from an unmonitored interface but
it isn't.
If anyone has any experience with this I have tried as much as i can.
Here is all the info.
I have a server with a quad port with each interface connected to a cisco switch in span mode. The other physical interface with the ip address on is connected to a normal port.
I did an snmp walk and saw that the interface index number was 65541 and the nprobe interface index number was 2. The sending interface of the server is snmp index number 458755
Now i have tried about 50 combinations of the following command
nprobe :
nprobe /c -i 2 -n x.x.15.135:2055 -u 65541 -Q 458755
I have run ethereal and the netflow packets reach the orion server but the error message about
the interface always occurs.
If anyone has any ideas that would be great.
Sam
