[netsa-tools-discuss] Store all IPFIX flows from NAT

Alexander Khokhlov hohlovap at gmail.com
Mon Jun 18 10:10:59 EDT 2018 

Hello, I need to collect and store IPFIX flows from NAT servers.
Is it possible to collect IE 225-228,323? Please help, cant handle it!

Jun 18 16:50:07 s078r rwflowpack[27567]:
IGNORED|10.203.9.160|46.173.38.219|57099|41328|6|0|0|no forward/reverse
octets|
Jun 18 16:50:07 s078r rwflowpack[27567]: IPFIX Message out of sequence (in
domain 00000000, expected 19369e1b, got 469de6cb)
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Contains 11 Elements, Enabled by SILK_IPFIX_PRINT_TEMPLATES
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Position   0, Length     8, IE         323, Name observationTimeMilliseconds
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Position   1, Length     4, IE           8, Name sourceIPv4Address
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Position   2, Length     4, IE          12, Name destinationIPv4Address
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Position   3, Length     4, IE         225, Name postNATSourceIPv4Address
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Position   4, Length     4, IE         226, Name
postNATDestinationIPv4Address
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Position   5, Length     2, IE           7, Name sourceTransportPort
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Position   6, Length     2, IE          11, Name destinationTransportPort
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Position   7, Length     2, IE         227, Name postNAPTSourceTransportPort
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Position   8, Length     2, IE         228, Name
postNAPTDestinationTransportPort
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Position   9, Length     1, IE           4, Name protocolIdentifier
Jun 18 16:50:07 s078r rwflowpack[27567]: Domain 000000, TemplateID 0X0102,
Position  10, Length     1, IE         230, Name natEvent
Jun 18 16:50:07 s078r rwflowpack[27567]:
IGNORED|10.202.181.195|80.77.168.44|37680|80|6|0|0|no forward/reverse
octets|
Jun 18 16:50:07 s078r rwflowpack[27567]:
IGNORED|10.202.180.217|149.154.175.50|55263|443|6|0|0|no forward/reverse
octets|
Jun 18 16:50:07 s078r rwflowpack[27567]:
IGNORED|10.202.148.162|149.154.167.91|55439|5222|6|0|0|no forward/reverse
octets|
Jun 18 16:50:07 s078r rwflowpack[27567]:
IGNORED|10.202.157.221|94.100.180.26|54182|80|6|0|0|no forward/reverse
octets|
Jun 18 16:50:07 s078r rwflowpack[27567]:
IGNORED|10.201.6.97|149.154.167.51|19207|443|6|0|0|no forward/reverse
octets|
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the netsa-tools-discuss mailing list