ipfix/netflow/sflow generator for Linux

Samuel Petreski sp446 at georgetown.edu
Mon Dec 6 20:37:36 UTC 2010


I've used fprobe with great success. You can run multiple instances of
fprobe for the different interfaces.  

--Samuel

fprobe: a NetFlow probe - libpcap-based tool that collects
network traffic data and emit it as NetFlow flows towards the
specified collector.

WWW: http://sourceforge.net/projects/fprobe

--
Samuel Petreski
Sr. Security Analyst
Georgetown University

> -----Original Message-----
> From: Thomas York [mailto:straterra at fuhell.com]
> Sent: Monday, December 06, 2010 2:15 PM
> To: nanog at nanog.org
> Subject: ipfix/netflow/sflow generator for Linux
> 
> At my current place of work, we use all Linux routers. I need to do some
IP
> accounting/reporting and am currently trying to use Scrutinizer.
Scrutinizer
> can use netstream, jstream, ipfix, netflow, and sflow data without qualms.
> My only issue is that I can't seem to find any good software for Linux
that
> works with multiple interfaces to generate the flow information. I've
tried
> ndsad, nprobe, softflowd, host sflow, and ipcad without much luck. Most of
> the software only works on one interface (which is useless as I need to do
> accounting for numerous interfaces).
> 
> 
> 
> I've had the best luck with ipcad. The only thing that seems to not work
with
> it is that it doesn't correctly give the interface number in the flow
> information. It refers to all interfaces as interface 65535. I've tried
the config
> option for ipcad to map an interface directly to an SNMP interface ID, but
> that option of the config file seems to be ignored.
> 
> 
> 
> Ntop functionally does exactly what I need, but it's extremely buggy. It
> segfaults after a few minutes, regardless of Linux distro or Ntop version.
> So..any ideas on what I can do to get good flow information from our Linux
> routers?






More information about the NANOG mailing list