ng_netflow documentation
David Duchscher
kreios at gmail.com
Wed Mar 29 19:34:44 UTC 2006
On Mar 29, 2006, at 11:19 AM, Bart Van Kerckhove wrote:
> Dear list,
>
> I have been looking into ng_netflow lately for traffic analyzing.
> It seems that this would do everything i'd ever need - though I
> have a hard
> time tracking down (working) examples, or FAQ's/howto's/documentation.
> I've done the most obvious things, googled it, searched the -net
> lists, but
> to no (useful) effect.
> I was wondering if this list could provide me with any useful links
> or info
> regarding ng_netflow. That would be greatly appreciated!
Script that is working on one of my systems (fxp0 is its only
interface):
kldload ng_ether
kldload ng_ksocket
kldload ng_tee
kldload ng_netflow
# Tap interface
ngctl mkpeer fxp0: tee lower right
ngctl name fxp0:lower tee0
ngctl connect fxp0: tee0: upper left
# Hook up netflow to tap
ngctl mkpeer tee0: netflow right2left iface0
ngctl name tee0:right2left netflow0
ngctl connect tee0: netflow0: left2right iface1
# Hook up netflow export to ksocket
ngctl msg netflow0: setifindex { iface=0 index=1 }
ngctl msg netflow0: setifindex { iface=1 index=2 }
ngctl mkpeer netflow0: ksocket export inet/dgram/udp
ngctl name netflow0:export nfexport
ngctl msg nfexport: connect inet/127.0.0.1:9996
Then you just need something to capture the netflow data like
ports/net-mgmt/flow-tools. You can also change 127.0.0.1 to any
routable host and the netflow packets will be sent to that host.
Hope this helps,
--
DaveD
More information about the freebsd-net
mailing list