From owner-freebsd-questions@FreeBSD.ORG  Fri Oct  9 17:10:38 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BBD8B1065670
	for <freebsd-questions@freebsd.org>;
	Fri,  9 Oct 2009 17:10:38 +0000 (UTC)
	(envelope-from jhall@socket.net)
Received: from mf5.socket.net (mf5a.socket.net [216.106.26.209])
	by mx1.freebsd.org (Postfix) with ESMTP id A0B2D8FC0A
	for <freebsd-questions@freebsd.org>;
	Fri,  9 Oct 2009 17:10:38 +0000 (UTC)
Received: from jeflmedlele.mo.loc (unknown [65.117.48.155])
	by mf5.socket.net (Postfix) with ESMTP id 80EA5639EA
	for <freebsd-questions@freebsd.org>;
	Fri,  9 Oct 2009 12:10:37 -0500 (CDT)
Message-Id: <E54EF7EC-1E28-4DA5-8BE0-70FA5F51C55D@socket.net>
From: Jay Hall <jhall@socket.net>
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Fri, 9 Oct 2009 12:10:36 -0500
X-Mailer: Apple Mail (2.936)
Subject: Capturing netflows
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2009 17:10:38 -0000

I have run into a need to capture netflows from the internal interface  
of my FreeBSD 6 server.  The internal interface is em0 and the  
external interface is em1.

I am using the following to setup the netflows.

/usr/sbin/ngctl -f- << SEQ
	mkpeer em0: netflow lower iface0
	name: em0: lower netflow
	connect em0: netflow: upper out0
	mkpeer netflow: ksocket export inet/dgram/udp
	msg netflow:export connect inet/1.2.3.4:12345
SEQ

When I run the commands above, I receive the following message.

ngctl: send msg: No such file or directory
ngctl: line 1: error in file

I am at a complete loss here.  My understanding of netgraph is poor at  
best.  Any suggestions would be appreciated.

Thanks,

Jay