FlowView with multiple campuses

[9Nails]

Hello,

This is more of a design question. I have FlowView 1.3 installed and working on Cacti. I'm creating multiple Listeners so that I can filter between different campuses with-in my network. What I'm noticing is that data is only being stored into the first listener that I created. Is this the intended design, or did I miss a step in setting up my service? I'll admit that I'm a total beginner here and am capable of making mistakes! =)

Here's what I've done:
On Cacti 0.8.8a, I've installed Flowview 1.3. (This is a basic CactiEZ install with CentOS.)
Flowview is enabled and working.
On my first router I've added:
! Cisco 2950 Router
!
interface GigabitEthernet0/0
ip flow ingress
!
ip flow-export version 5 peer-as bgp-nexthop
ip flow-export destination 10.6.100.126 2055
ip flow-top-talkers
top 20
sort-by bytes
match destination port min 0 max 65535
!

On CentOS, I verified that Cacti was getting the netflow traffic:
[root@localhost ~]# tcpdump udp port 2055
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:54:35.541985 IP 10.6.199.102.53116 > 10.6.100.126.iop: UDP, length 1464
09:54:37.560856 IP 10.6.199.102.54193 > 10.6.100.126.iop: UDP, length 1464
09:54:39.542410 IP 10.6.199.102.53116 > 10.6.100.126.iop: UDP, length 1464
09:54:39.561047 IP 10.6.199.102.54193 > 10.6.100.126.iop: UDP, length 1464

I created a Listener in Cacti, and the directory in CentOS /var/netflow/flows/Avocado:
Name: Avocado
Directory: Avocado
Allowed Host: 10.6.199.101
Port: 2055
Nesting: /YYY-MM-DD
Netflow version: NetFlow version 1
Compression Level: 0
Rotation: 1 minute
Expiration: 1 Week


I then setup my second router in the same fashion,, and the directory in CentOS /var/netflow/flows/Banana
Name: Banana
Directory: Banana
Allowed Host: 10.6.199.201
Port: 2055
Nesting: /YYY-MM-DD
Netflow version: NetFlow version 1
Compression Level: 0
Rotation: 1 minute
Expiration: 1 Week

And ran tcpdump. Now i see traffic from both routers.
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:54:35.541985 IP 10.6.199.202.53116 > 10.6.100.126.iop: UDP, length 1464
09:54:37.560856 IP 10.6.199.102.54193 > 10.6.100.126.iop: UDP, length 1464
09:54:39.542410 IP 10.6.199.202.53116 > 10.6.100.126.iop: UDP, length 1464
09:54:39.561047 IP 10.6.199.102.54193 > 10.6.100.126.iop: UDP, length 1464

Restarted the flow-capture service:
service flow-capture stop
service flow-capture start


Here's where things went weird. Only the first listener is collecting data. The second listener's directory is empty. In Cacti, only the first listener is showing a table of data. The other is empty.

My question: is this design supported? Can I have multiple listeners with the same port, different directories, and different IP Addresses. Or can I only have one Listener / one directory for all my campuses?

[jOhne]

I am having this exact same problem.

Only one Flow is working and showing data.

Not sure if i need multiple ports for multiple hosts, can anyone shed any light on this that has multiple devices monitored fine?

[vestar]

same question with you!

[freelime]

I am new to Cacti and I ran into this problem last week. Did anyone find a solution? I have not had much luck finding an answer.