Date: Wed, 29 Mar 2006 13:34:27 -0600
From: David Duchscher <kreios@gmail.com>
To: Bart Van Kerckhove <bart@it-ss.be>
Cc: "freebsd-net@FreeBSD.org" <freebsd-net@freebsd.org>
Subject: Re: ng_netflow documentation
Message-ID: <369AC6B9-9D69-4C15-9C1D-F84E1E6A8D18@gmail.com>
In-Reply-To: <003201c65354$fb99d980$020b000a@bartwrkstxp>
References: <003201c65354$fb99d980$020b000a@bartwrkstxp>

On Mar 29, 2006, at 11:19 AM, Bart Van Kerckhove wrote:

> Dear list,
>
> I have been looking into ng_netflow lately for traffic analyzing.
> It seems that this would do everything I'd ever need - though I have a hard
> time tracking down (working) examples, or FAQ's/howto's/documentation.
> I've done the most obvious things, googled it, searched the -net lists, but
> to no (useful) effect.
> I was wondering if this list could provide me with any useful links or info
> regarding ng_netflow. That would be greatly appreciated!

Script that is working on one of my systems (fxp0 is its only
interface):

kldload ng_ether
kldload ng_ksocket
kldload ng_tee
kldload ng_netflow

# Tap interface
ngctl mkpeer fxp0: tee lower right
ngctl name fxp0:lower tee0
ngctl connect fxp0: tee0: upper left

# Hook up netflow to tap
ngctl mkpeer tee0: netflow right2left iface0
ngctl name tee0:right2left netflow0
ngctl connect tee0: netflow0: left2right iface1

# Hook up netflow export to ksocket
ngctl msg netflow0: setifindex { iface=0 index=1 }
ngctl msg netflow0: setifindex { iface=1 index=2 }
ngctl mkpeer netflow0: ksocket export inet/dgram/udp
ngctl name netflow0:export nfexport
ngctl msg nfexport: connect inet/127.0.0.1:9996

Then you just need something to capture the netflow data like
ports/net-mgmt/flow-tools. You can also change 127.0.0.1 to any
routable host and the netflow packets will be sent to that host.

Hope this helps,
--
DaveD
