Testovacia zostava
* Testovacia zostava:
Zapojil som takúto testovaciu topológiu, ako je na obrázku. Z routera som posielal ping na notebook. Na notebooku bežal jxcoll 3.6.1. Na notebooku som nastavil IP adresu 192.168.1.100 a masku 255.255.255.0.
Konfigurácia routra
Na routri som nakonfiguroval IP adresu na rozhraní
FastEthernet 0/1
! Router side of the test setup: fa0/1 is the port facing the notebook (192.168.1.100/24).
interface fa0/1
! Same /24 as the notebook, so the ping from the router reaches the collector host directly.
ip address 192.168.1.1 255.255.255.0
! Enable the interface.
no shutdown
Konfigurácia jxcoll
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- jxcoll 3.6.1 collector configuration used on the notebook (192.168.1.100) in this test setup. -->
<!-- Where a value has to agree with the mybeem meter configuration on this page, that is noted inline. -->
<JXCollConfiguration>
<global>
<!-- DEBUG is the most verbose level in the list below after ALL; it is fine for the lab run, lower it for a non-lab deployment. -->
<logLevel>DEBUG</logLevel> <!--Possible logging: ALL | DEBUG | INFO | WARN | TRACE | ERROR (default)| FATAL | OFF-->
<!-- Information Element definitions. The enterprise-specific fields (enterprise 26235) used in the mybeem template presumably have to be defined in this file; verify. -->
<ipfixFieldsXML>/etc/jxcoll/ipfixFields.xml</ipfixFieldsXML> <!-- Name and path to XML file with IPFIX Information Elements (default /etc/jxcoll/ipfixFields.xml)-->
<!-- Templates not refreshed within this time are dropped; mybeem refreshes its template every 5 (refreshTemplateTime), well inside this window if that value is in seconds. -->
<ipfixTemplateTimeout>300</ipfixTemplateTimeout> <!--IPFIX template timeout in seconds (default 5 minutes=300 seconds)-->
<!-- IPFIX over UDP carries no sender authentication: any host that can reach this port can submit flow records. -->
<!-- In this test mybeem exports to 127.0.0.1, so the port only needs to be reachable on the loopback interface; restrict it accordingly. -->
<listenPort>4739</listenPort> <!--Listen Port for incoming flows (default 4739)-->
<listenProtocol>udp</listenProtocol> <!--Listen Protocol: TCP | UDP (default)-->
</global>
<sync>
<makeSync>yes</makeSync> <!--Make Synchronization: yes | no (default)-->
<!-- NOTE(review): the mybeem collector section on this page sets sync_port to 4455 while this side listens on 5544; confirm the two ports are meant to differ. -->
<listenSynchPort>5544</listenSynchPort> <!--Listen Port for Synchronization packets (default 5544)-->
</sync>
<owd>
<measureOwd>yes</measureOwd> <!--Measure OWD: yes | no (default)-->
<owdStart>
<!-- Start point: template 256 and observation point 123 match the template id and observationPointID in the mybeem configuration on this page. -->
<owdStart_ObservationPointTemplateID>256</owdStart_ObservationPointTemplateID> <!-- Template ID of OWD Start Observation Point (default 256) -->
<owdStart_ObservationDomainID>0</owdStart_ObservationDomainID> <!-- Domain of Start ObservationPointID (default 0) -->
<owdStart_Host>127.0.0.1</owdStart_Host> <!-- host or IP address (default localhost)-->
<owdStart_ObservationPointID>123</owdStart_ObservationPointID> <!--OWD Start ObservationPointID (on out of range error measurement will be set to no) default 123 -->
</owdStart>
<owdEnd>
<!-- End point: nothing on this page exports template 257 or observation point 321 (mybeem's second interface and its template 257 are commented out), -->
<!-- so the end side is presumably not observed in this test; confirm whether OWD results are expected at all. -->
<owdEnd_ObservationPointTemplateID>257</owdEnd_ObservationPointTemplateID> <!-- Template ID of OWD End Observation Point (default 257) -->
<owdEnd_ObservationDomainID>0</owdEnd_ObservationDomainID> <!-- Domain of End ObservationPointID (default 0) -->
<owdEnd_Host>127.0.0.1</owdEnd_Host> <!-- host or IP address (default localhost)-->
<owdEnd_ObservationPointID>321</owdEnd_ObservationPointID> <!--OWD End ObservationPointID (on out of range error measurement will be set to no) default 321-->
</owdEnd>
<!-- Both timeouts equal the values in the mybeem flows section (5000 / 10000 ms). -->
<passiveTimeout>5000</passiveTimeout> <!-- Measure Point's passiveTimeout in milliseconds (default 5 seconds)-->
<activeTimeout>10000</activeTimeout> <!-- Measure Point's activeTimeout in milliseconds (default 10 seconds)-->
</owd>
<acp>
<!-- ACP forwarding is disabled here (acpTransfer=no). The login and password below are the documented defaults (bm/bm); -->
<!-- replace them before setting acpTransfer to yes or making acpPort reachable from other hosts. -->
<acpTransfer>no</acpTransfer> <!--Forward data: yes (default) | no-->
<acpPort>2138</acpPort> <!--Listen port for ACP connections (default 2138)-->
<acpLogin>bm</acpLogin> <!--Login for ACP connections (default bm)-->
<acpPassword>bm</acpPassword> <!--Password for ACP connections (default bm)-->
</acp>
<database>
<!-- Records are exported to the local database on port 5432 (database bmdb, not the default name). -->
<!-- The credentials are the documented defaults and are stored here in clear text: keep this file readable only by the account running jxcoll and use non-default credentials outside the lab. -->
<dbExport>yes</dbExport> <!--Export data to database: yes (default) | no-->
<dbHost>localhost</dbHost> <!--Database host (default localhost)-->
<dbPort>5432</dbPort> <!--Database port (default 5432)-->
<dbName>bmdb</dbName> <!--Database name (default bm)-->
<dbLogin>bm</dbLogin> <!--Database login (default bm)-->
<dbPassword>bm</dbPassword> <!--Database password (default bm)-->
</database>
<accounting>
<!-- Accounting export is disabled; the interval and user ID below are presumably not used while accExport is no. -->
<accExport>no</accExport> <!--Export Accounting data to database: yes (default) | no-->
<accRecordExportInterval>20</accRecordExportInterval> <!--Postgres Accounting Record Export Interval in seconds-->
<accUserID>1</accUserID> <!--Postgres DB user ID for accounting (existing user ID in accounting application (default 1))-->
</accounting>
</JXCollConfiguration>
Konfigurácia mybeem
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- mybeem meter configuration: captures on eth1 and exports IPFIX (version 10) records to the jxcoll collector at 127.0.0.1:4739 over UDP. -->
<configuration>
<interfaces>
<interface>
<name>eth1</name>
<!-- BPF capture filter: only IPv4 and IPv6 packets are handed to the meter. -->
<pcapFilter>ip or ip6</pcapFilter>
<!-- <dumpFile>test.dump</dumpFile> -->
<!-- sampling:
type: 0 - none (all packets are sampled)
1 - systematic count-based (parameter1 - number of sampled packets in a row, parameter2 - number of unsampled packets in a row)
2 - systematic time-based (parameter1 - interval length of sampling in seconds [integer], parameter2 - interval length of not sampling in seconds [integer])
3 - random n-of-N (parameter1 - number of selected packets, parameter2 - number of packets to select from [must be lower than 1000 and greater than parameter1])
4 - uniform probability (parameter1 - probability of sampling [%], parameter2 - irrelevant)
5 - non-uniform probability (parameter1 - start of "sure sampled" interval [secs from epoch (0:00, 1.1.1970)], parameter2 - end of "sure sampled" interval [secs from epoch])
-->
<!-- Type 0 means no sampling, so every packet matching the filter is metered and the two parameters below are irrelevant (see the table above). -->
<samplingType>0</samplingType>
<samplingParam1>4</samplingParam1>
<samplingParam2>10</samplingParam2>
</interface>
<!-- <interface>
<name>eth2</name>
<pcapFilter>ip</pcapFilter>
<dumpFile>test.dump</dumpFile>
<samplingType>0</samplingType>
<samplingParam1>4</samplingParam1>
<samplingParam2>10</samplingParam2>
</interface>-->
</interfaces>
<!-- Matches owdStart_ObservationPointID (123) in the jxcoll configuration on this page. -->
<observationPointID>123</observationPointID>
<flows>
<!-- in milliseconds; must be smaller than activeTimeout -->
<passiveTimeout>5000</passiveTimeout>
<!-- in milliseconds -->
<activeTimeout>10000</activeTimeout>
<!-- Presumably exports bidirectional flow records; confirm against the mybeem documentation. -->
<biflows>true</biflows>
</flows>
<templates>
<!-- Template 256 is the jxcoll owdStart template id. Field numbers without an enterprise attribute are IANA IPFIX Information Element IDs. -->
<template id="256">
<!-- PLEASE update the COUNT! -->
<!-- count: 63 -->
<!-- The numeric comments between the fields are running counts (every tenth field). -->
<field>4</field> <!-- protocolIdentifier -->
<field>5</field> <!-- ipClassOfService -->
<field>7</field> <!-- sourceTransportPort -->
<field>8</field> <!-- sourceIPv4Address -->
<field>11</field> <!-- destinationTransportPort -->
<field>12</field> <!-- destinationIPv4Address -->
<field>21</field> <!-- flowEndSysUpTime -->
<field>22</field> <!-- flowStartSysUpTime -->
<field>27</field> <!-- sourceIPv6Address -->
<field>28</field> <!-- destinationIPv6Address -->
<!-- 10 -->
<field>32</field> <!-- icmpTypeCodeIPv4 -->
<field>33</field> <!-- igmpType -->
<field>36</field> <!-- flowActiveTimeout (activeTimeout) -->
<field>37</field> <!-- flowIdleTimeout (passiveTimeout) -->
<field>54</field> <!-- fragmentIdentification -->
<field>55</field> <!-- postIpClassOfService-->
<field>60</field> <!-- ipVersion -->
<field>85</field> <!-- octetTotalCount -->
<field>86</field> <!-- packetTotalCount -->
<field>88</field> <!-- fragmentOffset -->
<!-- 20 -->
<field>136</field> <!-- flowEndReason -->
<field>138</field> <!-- observationPointId -->
<field>148</field> <!--flowID-->
<field>152</field> <!-- flowStartMilliseconds -->
<field>153</field> <!-- flowEndMilliseconds -->
<field>154</field> <!-- flowStartMicroseconds -->
<field>155</field> <!-- flowEndMicroseconds -->
<field>156</field> <!-- flowStartNanoseconds -->
<field>157</field> <!-- flowEndNanoseconds -->
<field>158</field> <!-- flowStartDeltaMicroSeconds-->
<!-- 30 -->
<field>159</field> <!-- flowEndDeltaMicroSeconds-->
<field>160</field> <!-- systemInitTimeMilliseconds -->
<field>161</field> <!-- flowDurationMilliseconds -->
<field>162</field> <!-- flowDurationMicroseconds -->
<field>176</field> <!-- icmpTypeIPv4 -->
<field>177</field> <!-- icmpCodeIPv4 -->
<field>178</field> <!-- icmpTypeIPv6 -->
<field>179</field> <!-- icmpCodeIPv6 -->
<field>184</field> <!-- tcpSequenceNumber -->
<field>185</field> <!-- tcpAcknowledgementNumber -->
<!-- 40 -->
<field>186</field> <!-- tcpWindowSize -->
<field>187</field> <!-- tcpUrgentPointer -->
<field>189</field> <!-- ipHeaderLength -->
<field>190</field> <!-- totalLengthIPV4 -->
<field>192</field> <!-- ipTTL -->
<field>195</field> <!-- ipDiffServCodePoint -->
<field>196</field> <!-- ipPrecedence -->
<field>197</field> <!-- fragmentFlags -->
<field>198</field> <!-- octetDeltaSumOfSquares -->
<field>199</field> <!-- octetTotalSumOfSquares -->
<!-- 50 -->
<field>206</field> <!-- isMulticast -->
<field>207</field> <!-- ipv4IHL -->
<field>218</field> <!-- tcpSynTotalCount -->
<field>219</field> <!-- tcpFinTotalCount -->
<field>220</field> <!-- tcpRstTotalCount -->
<field>221</field> <!-- tcpPshTotalCount -->
<field>222</field> <!-- tcpAckTotalCount -->
<field>223</field> <!-- tcpUrgTotalCount -->
<field>224</field> <!--ipTotalLength-->
<!-- Enterprise-specific elements (enterprise number 26235): the collector presumably needs their definitions in its ipfixFields.xml; verify. -->
<field enterprise="26235">240</field> <!-- roundTripTimeNanoseconds -->
<!-- 60 -->
<field enterprise="26235">241</field> <!-- packetPairsTotalCount / IPFIX_FT_RTTPAIRSTOTALCOUNT -->
<field enterprise="26235">242</field> <!-- firstPacketID -->
<field enterprise="26235">243</field> <!-- lastPacketID -->
<!-- 63 -->
</template>
<!--<template id="257">
<field>12</field>
<field>13</field>
</template> -->
</templates>
<collector>
<!-- Export protocol version: 10 is IPFIX. -->
<version>10</version>
<!-- The collector runs on the same host, so the exported records stay on loopback. UDP export is unauthenticated; if host is ever changed to a remote collector, the path to it should be a trusted network. -->
<host>127.0.0.1</host>
<!--by EqO 5647 <port>4739</port> -->
<!-- Matches jxcoll listenPort / listenProtocol (4739 / udp). -->
<port>4739</port>
<!-- NOTE(review): jxcoll listens for synchronization packets on 5544, not 4455; confirm which side this port refers to. -->
<sync_port>4455</sync_port> <!--sync_port number by Ado -->
<protocol>UDP</protocol>
<!-- Presumably the IPFIX observation domain ID; it equals owdStart_ObservationDomainID (0) in jxcoll. -->
<sourceID>0</sourceID>
<!-- Template re-send interval (unit not stated here); if in seconds it is well inside jxcoll's 300 s template timeout. -->
<refreshTemplateTime>5</refreshTemplateTime>
</collector>
</configuration>
Záver
Testoval som to tak, že som posielal ping z routra na notebook. Test bol úspešný (kolektor pridal záznamy do databázy).
--
MichalMalatin - 15 Nov 2011