Hello,
I am using nProbe for NetFlow probing and L7 analysis. I am running the nProbe instance inside my ERL. This is the configuration file I am using:
--collector none --interface eth1 --verbose 0 -T=%IN_BYTES %IN_PKTS %PROTOCOL %PROTOCOL_MAP %SRC_TOS %TCP_FLAGS %L4_SRC_PORT %L4_SRC_PORT_MAP %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %L4_DST_PORT_MAP %IPV4_DST_ADDR %OUTPUT_SNMP %SRC_AS %DST_AS %LAST_SWITCHED %FIRST_SWITCHED %OUT_BYTES %OUT_PKTS %IPV6_SRC_ADDR %IPV6_DST_ADDR %ICMP_TYPE %DST_TOS %IP_PROTOCOL_VERSION %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %APPL_LATENCY_MS %SRC_IP_COUNTRY %SRC_IP_CITY %DST_IP_COUNTRY %DST_IP_CITY %L7_PROTO_NAME %IPV4_NEXT_HOP %IPV4_SRC_MASK %IPV4_DST_MASK %IN_SRC_MAC %OUT_DST_MAC %CLIENT_NW_LATENCY_MS %SERVER_NW_LATENCY_MS %L7_PROTO --local-networks 10.39.0.0/21 --account-l2 --zmq "tcp://*:5556" --host= --json-labels= --flow-version 10 --if-networks="44:D9:E7:41:95:F4@0,44:D9:E7:41:95:F5@1"
eth1 is my WAN interface (where pppoe0 is). The problem I have is that the flows are using my WAN IP address. I wanted to have it do something like the post-dnat option for the EdgeOS flow-accounting feature. Does anyone here have experience with a similar setup?