From: Vincent Hoffman
Date: Fri, 09 Oct 2009 20:00:16 +0100
To: Jay Hall
Cc: freebsd-questions@freebsd.org
Subject: Re: Capturing netflows
Message-ID: <4ACF8840.1030600@unsane.co.uk>

Jay Hall wrote:
> I have run into a need to capture netflows from the internal interface
> of my FreeBSD 6 server. The internal interface is em0 and the
> external interface is em1.
>
> I am using the following to set up the netflows.
>
> /usr/sbin/ngctl -f- << SEQ
> mkpeer em0: netflow lower iface0
> name: em0: lower netflow
> connect em0: netflow: upper out0
> mkpeer netflow: ksocket export inet/dgram/udp
> msg netflow:export connect inet/1.2.3.4:12345
> SEQ
>
> When I run the commands above, I receive the following message.
>
> ngctl: send msg: No such file or directory
> ngctl: line 1: error in file
>
> I am at a complete loss here. My understanding of netgraph is poor at
> best. Any suggestions would be appreciated.
>
Been a while since I used it but I used to use this script based on this
email
http://www.mail-archive.com/freebsd-questions@freebsd.org/msg103671.html

#!/usr/sbin/ngctl -f
mkpeer fxp0: tee lower right
connect fxp0: fxp0:lower upper left
mkpeer fxp0:lower netflow right2left iface0
name fxp0:lower.right2left netflow
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow:export connect inet/w.x.y.x:6667

hope that helps,
Vince

> Thanks,
>
> Jay
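
A collector-side check for the export set up in the thread above, added here as an example and not part of the original messages: it decodes the NetFlow v5 datagrams that ng_netflow sends to the ksocket's connect address, so you can confirm flows are arriving. The function names and the sample datagram (documentation-range addresses) are constructed for illustration; port 6667 is the one used in the script above.

```python
import socket
import struct
from ipaddress import IPv4Address

# NetFlow v5 wire layout: 24-byte header followed by `count` 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram; raise ValueError if malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _up, secs, _ns, seq, _et, _eid, _samp = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("header count exceeds records present")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "in_if": f[3], "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return {"export_time": secs, "sequence": seq, "flows": flows}

def sample_datagram():
    """Constructed datagram: one TCP flow 192.0.2.10:51000 -> 198.51.100.7:443."""
    header = V5_HEADER.pack(5, 1, 1000, 1255114816, 0, 42, 0, 0, 0)
    record = V5_RECORD.pack(
        IPv4Address("192.0.2.10").packed, IPv4Address("198.51.100.7").packed,
        bytes(4), 1, 0, 12, 3400, 100, 900, 51000, 443, 0, 0x1B, 6, 0, 0, 0, 0, 0, 0)
    return header + record

def listen(port=6667, bind="0.0.0.0"):
    """Print every flow received on the collector port until interrupted."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind, port))
        while True:
            data, (peer, _) = s.recvfrom(65535)
            try:
                for flow in parse_v5(data)["flows"]:
                    print(peer, flow)
            except ValueError as err:
                print(peer, "rejected:", err)

if __name__ == "__main__":
    print(parse_v5(sample_datagram()))
```

Call `listen()` on the host named in the `msg netflow:export connect` line to watch live exports.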