[netsa-tools-discuss] RWFLOWPACK error but still process ipfix
Mark Thomas
mthomas at cert.org
Mon May 14 12:02:16 EDT 2018
Joseph-
Thank you for your question.
Using the default configuration for SiLK, I do not see how that
error can be generated. I need some additional information to
determine why rwflowpack is not acting as expected.
If possible, would you please send me the output of
rwflowpack --version
Is this a SiLK installation that you downloaded and built yourself?
If not, is there a Docker (or other container-ization) configuration
you can share?
Thanks,
-Mark
-----Original Message-----
From: Joseph West <josephwestlinux at gmail.com>
Date: Sat, 12 May 2018 17:38:10 -0500
To: <netsa-tools-discuss at cert.org>
Subject: [netsa-tools-discuss] RWFLOWPACK error but still process ipfix
Hello,
My rwflowpack log states this message multiple times:
rwflowpack[13] Cannot determine flowtype of record from probe S0E: input 3;
output 3.
I believe my sensor.conf is misconfigured. How do I find the correct SMTP
external ports?
sensor.conf:
probe S0E ipfix
listen on {port hidden for security}
protocol tcp
end probe
sensor S0E
ipfix-probes S0E
external-interface 0,2,257,259
internal-interfaces 1,3,256,258
end sensor
More information about the netsa-tools-discuss
mailing list