Discussion:
[pmacct-discussion] NFv9 Unknown Template
Robert Juric
2016-03-10 17:10:53 UTC
Permalink
I correct the mysql configuration and when I went to change and I restarted
the service to change the table version I'm now seeing NFv9 packets
received and discarded for Unknown Template.

I've not been able to find much information regarding this. I'm using a
Juniper SRX router with inline-jflow.

***@debian-netflow:/etc/pmacct# nfacctd -l 2100 -P print -c none -d true
DEBUG: [cmdline] plugin name/type: 'default'/'core'.
DEBUG: [cmdline] plugin name/type: 'default'/'print'.
DEBUG: [cmdline] nfacctd_port:2100
DEBUG: [cmdline] aggregate:none
DEBUG: [cmdline] debug:true
INFO ( default/core ): Reading configuration from cmdline.
INFO ( default/print ): plugin_pipe_size=4096000 bytes
plugin_buffer_size=228 bytes
INFO ( default/print ): ctrl channel: obtained=212992 bytes target=143712
bytes
INFO ( default/core ): waiting for NetFlow data on 0.0.0.0:2100
INFO ( default/print ): cache entries=16411 base cache memory=44769208 bytes
PACKETS BYTES
DEBUG ( default/core ): Received NetFlow/IPFIX packet from [
192.168.1.1:55602] version [9] seqno [45617]
DEBUG ( default/core ): Discarded NetFlow v9/IPFIX packet (R: unknown
template 257 [192.168.1.1:142])
DEBUG ( default/core ): Received NetFlow/IPFIX packet from [
192.168.1.1:55602] version [9] seqno [45618]
DEBUG ( default/core ): Discarded NetFlow v9/IPFIX packet (R: unknown
template 257 [192.168.1.1:142])

Could anyone point me in the right direction?
Adam Bogdan
2016-03-10 18:21:54 UTC
Permalink
Hi Robert

Could You show Your netflow/jflow configuration on Your SRX ?

Best
Adam

Od: Robert Juric
Wysłano: czwartek, 10 marca 2016 18:13
Do: pmacct-***@pmacct.net
Temat: [pmacct-discussion] NFv9 Unknown Template

I correct the mysql configuration and when I went to change and I restarted the service to change the table version I'm now seeing NFv9 packets received and discarded for Unknown Template.
I've not been able to find much information regarding this. I'm using a Juniper SRX router with inline-jflow.

***@debian-netflow:/etc/pmacct# nfacctd -l 2100 -P print -c none -d true
DEBUG: [cmdline] plugin name/type: 'default'/'core'.
DEBUG: [cmdline] plugin name/type: 'default'/'print'.
DEBUG: [cmdline] nfacctd_port:2100
DEBUG: [cmdline] aggregate:none
DEBUG: [cmdline] debug:true
INFO ( default/core ): Reading configuration from cmdline.
INFO ( default/print ): plugin_pipe_size=4096000 bytes plugin_buffer_size=228 bytes
INFO ( default/print ): ctrl channel: obtained=212992 bytes target=143712 bytes
INFO ( default/core ): waiting for NetFlow data on 0.0.0.0:2100
INFO ( default/print ): cache entries=16411 base cache memory=44769208 bytes
PACKETS               BYTES
DEBUG ( default/core ): Received NetFlow/IPFIX packet from [192.168.1.1:55602] version [9] seqno [45617]
DEBUG ( default/core ): Discarded NetFlow v9/IPFIX packet (R: unknown template 257 [192.168.1.1:142])
DEBUG ( default/core ): Received NetFlow/IPFIX packet from [192.168.1.1:55602] version [9] seqno [45618]
DEBUG ( default/core ): Discarded NetFlow v9/IPFIX packet (R: unknown template 257 [192.168.1.1:142])
Could anyone point me in the right direction?
Robert Juric
2016-03-10 18:55:41 UTC
Permalink
Sure, I've noticed that it does this for a few minutes after starting
nfacctd, before it will eventually recognize and process the flows:

***@SRX100> show configuration forwarding-options sampling | display set
set forwarding-options sampling input rate 1
set forwarding-options sampling input run-length 0
set forwarding-options sampling family inet output flow-server 192.168.1.71
port 2100
set forwarding-options sampling family inet output flow-server 192.168.1.71
version9 template IPV4-TEMPLATE
set forwarding-options sampling family inet output inline-jflow
source-address 192.168.1.1

***@SRX100> show configuration services | display set
set services flow-monitoring version9 template IPV4-TEMPLATE ipv4-template

Robert
Post by Adam Bogdan
Hi Robert
Could You show Your netflow/jflow configuration on Your SRX ?
Best
Adam
*Wysłano: *czwartek, 10 marca 2016 18:13
*Temat: *[pmacct-discussion] NFv9 Unknown Template
I correct the mysql configuration and when I went to change and I
restarted the service to change the table version I'm now seeing NFv9
packets received and discarded for Unknown Template.
I've not been able to find much information regarding this. I'm using a
Juniper SRX router with inline-jflow.
DEBUG: [cmdline] plugin name/type: 'default'/'core'.
DEBUG: [cmdline] plugin name/type: 'default'/'print'.
DEBUG: [cmdline] nfacctd_port:2100
DEBUG: [cmdline] aggregate:none
DEBUG: [cmdline] debug:true
INFO ( default/core ): Reading configuration from cmdline.
INFO ( default/print ): plugin_pipe_size=4096000 bytes
plugin_buffer_size=228 bytes
INFO ( default/print ): ctrl channel: obtained=212992 bytes target=143712 bytes
INFO ( default/core ): waiting for NetFlow data on 0.0.0.0:2100
INFO ( default/print ): cache entries=16411 base cache memory=44769208 bytes
PACKETS BYTES
DEBUG ( default/core ): Received NetFlow/IPFIX packet from [
192.168.1.1:55602] version [9] seqno [45617]
DEBUG ( default/core ): Discarded NetFlow v9/IPFIX packet (R: unknown
template 257 [192.168.1.1:142])
DEBUG ( default/core ): Received NetFlow/IPFIX packet from [
192.168.1.1:55602] version [9] seqno [45618]
DEBUG ( default/core ): Discarded NetFlow v9/IPFIX packet (R: unknown
template 257 [192.168.1.1:142])
Could anyone point me in the right direction?
Loading...