Take a look at my white paper that uses CUFlow and RRDTool.

http://www.dynamicnetworks.us/netflow

Thanks, Robert

Mark Jayson R. Alvarez wrote:
Hi,

Ok, here's my situation:

I am just a beginner sysadmin... We have an existing setup (flowscan, flow-capture, rancid, postgresql) which was configured by the former (more talented) admin on one machine. I am working for an R&D ISP. A few days ago, we upgraded our Internet link to 155Mbps. Now the mrtg graph shows an enormous amount of traffic. Our director wants to know if that traffic is legitimate or just some DoS attacks. No problem, sir, let's take a look at our netflow protocol grapher... after choosing the necessary protocols to graph... holy cow!! it's not working... don't worry, I'll fix this thing asap, sir.. In order to fix it... my general rule for all the services I have configured before... start them all from scratch to be able to learn how the bits and pieces work together.

Now, back into my problem...
1. I know the enable key to our routers (cisco 7206, 3640 - 12.2)
2. I know very few commands.... (no problem, I'll just leave the router configuration to him.)
3. So far here are the necessary steps I have in mind. (Please fill in the missing steps or the missing software needed for me.. I just need an overview of the things to be done as well as the software packages needed.)

1. choose a particular interface on the router where I want the ip route-cache flow to be enabled (this one is tricky... there are so many interfaces... Can't I just enable ip route-cache flow on all those interfaces?)

2. configure the router to export its netflow to a machine running flow-capture listening on a particular flow...

flowscan manual recommends these commands:
ip flow-export version 5 peer-as
ip flow-export destination 10.0.0.1 2055

Steps 1 and 2 on the router... is that all??? Did I miss anything?


3. Now on the machine... Here is the software which I am thinking of to do all that sort of accounting stuff..

3.1 flow-tools (consists of different tools; I only know one, flow-capture, used to capture the netflow being exported by the cisco router). (Also, I have read some emails suggesting its use rather than using cflowd.)

3.2 flow-scan
I really don't have a clear idea of what its purpose is... aren't the rest of the flow-tools enough to do the job???

4. RRD (round robin database) It was installed automatically on flowscan freebsd ports installation. Don't know why the former admin used postgresql instead.

5. Web server (apache perhaps... no problem with this)

6. The web interface of our netflow grapher uses CUGrapher.pl (Don't know what software this script is part of)


Our web interface resides here: http://netflow.pregi.net
It contains various links for the documentation of the applications used, but I guess it's not quite complete.

Flow-tools
patch for flow-tools for exporting to postgresql
Flowscan
Cflow          (was this software used together with flow tools??)
CUFlow
Postgresql (why not RRD???)

That's all for now (it's almost 1pm and I need to have some lunch.. I'm starving).. Thank you very much for your time.
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
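
What a collector listening on 10.0.0.1 port 2055 receives once the `ip flow-export version 5` commands quoted above are in place, as an added example that is not part of the original thread and is not flow-tools or FlowScan code: a parser for one NetFlow v5 export datagram, with the per-protocol byte totals and per-destination source counts that help tell ordinary traffic from a flood. The function names and the sample flows are constructed for illustration.

```python
import socket, struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte v5 flow record
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_v5(datagram):
    """Return the flow records of one NetFlow v5 export datagram as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5 (version field is %d)" % version)
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header claims %d records but datagram is truncated" % count)
    flows = []
    for i in range(count):
        (src, dst, _hop, _ifin, _ifout, pkts, octets, _first, _last, sport, dport,
         flags, proto, _tos, _src_as, _dst_as, _smask, _dmask) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
                      "sport": sport, "dport": dport, "tcp_flags": flags, "packets": pkts,
                      "proto": PROTO.get(proto, str(proto)), "octets": octets})
    return flows

def octets_by_protocol(flows):
    """Total bytes per IP protocol: the per-protocol view a grapher plots."""
    totals = Counter()
    for f in flows:
        totals[f["proto"]] += f["octets"]
    return totals

def sources_per_destination(flows):
    """Distinct sources per destination; many small flows to one host merit a look."""
    seen = {}
    for f in flows:
        seen.setdefault(f["dst"], set()).add(f["src"])
    return {dst: len(srcs) for dst, srcs in seen.items()}

def sample_datagram():
    """Constructed sample (documentation addresses), not captured traffic."""
    rows = [("192.0.2.10", "198.51.100.5", 40000, 80, 6, 0x1B, 120, 150000),
            ("203.0.113.1", "198.51.100.9", 1024, 53, 17, 0, 1, 60),
            ("203.0.113.2", "198.51.100.9", 1025, 53, 17, 0, 1, 60)]
    body = b"".join(RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 1, 2,
                                pkts, octs, 0, 0, sp, dp, fl, pr, 0, 0, 0, 24, 24)
                    for s, d, sp, dp, pr, fl, pkts, octs in rows)
    return HEADER.pack(5, len(rows), 0, 0, 0, 0, 0, 0, 0) + body
```

On a live collector the same `parse_v5` would be fed each datagram read from a UDP socket bound to port 2055.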

