Sampler Address #98
Comments
|
Hello, Should not be overwritten.
In the field: Agent Address will be the IP of the SamplerAddress(At least shold be) if the GoFlow daemon parse the source-ip in the layer3 as the SamplerAddress this is a bug and must be fixed. |
|
Hello, the screenshot you provided shows, as far as i understand, traffic from sFlow protocol. I'm actually using netflow v5. The code in goflow, for netflow v5, seems to do this, but i might be wrong: `func (s *StateNetFlow) DecodeFlow(msg interface{}) error { pkt := msg.(BaseMessage) buf := bytes.NewBuffer(pkt.Payload) samplerAddress := pkt.Src if samplerAddress.To4() != nil { samplerAddress = samplerAddress.To4() }` |
|
Sorry for this, |
* netflow: Add observation domain and point to message The ObservationDomainID and ObservationPointID are two IPFIX fields that identify the entity that is capturing flows and can be used to enrich the context around a specific sample. Parse these fields from the sample and add them to the FlowMessage. Signed-off-by: Adrian Moreno <[email protected]> Co-authored-by: Adrian Moreno <[email protected]>
Hello,
i'm investigating a little bit on this SamplerAddress attribute, as my concern is that it is getting overwritten when passing through a NAT.
It is not read from the netflow payload but from the packet header, isn't it ? I can't find any reference of this attribute in the netflow protocol format...but it seems weird that it was not included...am i right or am i missing something ?
The text was updated successfully, but these errors were encountered: