It's quite simple to do. That's how I collect flows in my environment. I have two 7513's and a 7206 that export to one flow-capture process. They all use the same port. This is the command I use:
"flow-capture -w /var/netflow/ft 0/0/2055 -S5 -V5 -E80G -n 287 -N 0 -R /usr/local/netflow/bin/linkme" The "0/0/2055" lets any router send to port 2055. One thing to note with this configuration, it is possible for someone to send rouge information to the flow-capture process. You should use IPTABLES to filter traffic to whatever port you use to prevent that. Thanks, Robert S. Galloway Chief Network Security Engineer IKANO Communications Network Operations Department ...the team behind the machines -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Everton da Silva Marques Sent: Monday, November 29, 2004 10:34 AM To: Mike Hunter Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Flow-tools] multiple exporters On Mon, Nov 29, 2004 at 09:23:07AM -0800, Mike Hunter wrote: > On Nov 29, "[EMAIL PROTECTED]" wrote: > > > I have 3 cisco routers [netflow v5], exporting flows to my flow-tool's server. > > > > [cisco1] ---> port UDP 9999 > > [cisco2] ---> port UDP 9998 > > [cisco3] ---> port UDP 9997 > > > > so, I want flow-tools to process all this flows in only one > > file-->[ft-v05.2004-11-29.085000-0500] on a especified > > directory-->[/var/local/flows].....Can floot-capture do that? > > I don't think it can do that. The best thing to do is write a script that > flow-cat's the 3 files into one and put that script into cron to have it > done every 15 minutes. I wonder: is there a the problem with configuring every exporter to send flow packets to the same UDP port, then using a single flow-capture instance to collect them all? _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
