Question regarding interface name #183
Comments
|
Only system interface names are exported, in netflow v9 and ipfix protocol. You should be able to see them with wireshark. |
|
Could you please advise which filed in netflow data has the interface name? Did not see these have value for v9. |
|
IF_NAME(82) and possible IF_DESC(83). |
|
Maybe the disconnect here is that if id-to-name mappings are in different records than flows? I wonder what would it take to have IF_NAME in the flow records instead of just ids. Maybe performance concerns to convert ifindex to name in datapath. Or the fact that names and the interfaces themselves could change in the middle of a flow, so it doesn't really make sense to report on flows. |
|
Actually, what I proposed makes no sense from the protocol's point of view. Sorry for the noise. IF_NAME is a single Information Element, but the Flow Record needs egress, ingress interfaces, as well as their physical counterparts, and all those are defined as integers. So I guess the collector needs to support joining the id-to-name mapping with the flows. (Or the Exporting Process uses Enterprise-Specific Information Elements, but that is not ipt_NETFLOW's problem.) |
Dear aabc,
Here you mentioned we can export interface names. But we don't see it in flows. Could you please advise how to export physical interfacename like eth0 and eth1?
https://sourceforge.net/p/ipt-netflow/bugs-requests-patches/58/?page=1&limit=25#63d9
Thanks in advance.
The text was updated successfully, but these errors were encountered: