Date: Fri, 09 Oct 2009 20:00:16 +0100 From: Vincent Hoffman <vince@unsane.co.uk> To: Jay Hall <jhall@socket.net> Cc: freebsd-questions@freebsd.org Subject: Re: Capturing netflows Message-ID: <4ACF8840.1030600@unsane.co.uk> In-Reply-To: <E54EF7EC-1E28-4DA5-8BE0-70FA5F51C55D@socket.net> References: <E54EF7EC-1E28-4DA5-8BE0-70FA5F51C55D@socket.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Jay Hall wrote: > I have run into a need to capture netflows from the internal interface > of my FreeBSD 6 server. The internal interface is em0 and the > external interface is em1. > > I am using the following to setup the netflows. > > /usr/sbin/ngctl -f- << SEQ > mkpeer em0: netflow lower iface0 > name: em0: lower netflow > connect em0: netflow: upper out0 > mkpeer netflow: ksocket export inet/dgram/udp > msg netflow:export connect inet/1.2.3.4:12345 > SEQ > > When I run the commands above, I receive the following message. > > ngctl: send msg: No such file or directory > ngctl: line 1: error in file > > I am at a complete loss here. My understanding of netgraph is poor at > best. Any suggestions would be appreciated. > Been a while since I used it but I used to use this script based on this email http://www.mail-archive.com/freebsd-questions@freebsd.org/msg103671.html #!/usr/sbin/ngctl -f mkpeer fxp0: tee lower right connect fxp0: fxp0:lower upper left mkpeer fxp0:lower netflow right2left iface0 name fxp0:lower.right2left netflow mkpeer netflow: ksocket export inet/dgram/udp msg netflow:export connect inet/w.x.y.x:6667 hope that helps, Vince > Thanks, > > Jay > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ACF8840.1030600>