Without knowing more details, I'm guessing you just have to configure the router and tools to export and accept/process netflow from a new OC-3 router interface. If other suggested solutions don't work, try this.

Since the old sysadmin may have written some complicated scripts and you want a quick solution:

Find the netflow export IP address/port, interface address and ifIndex for the old router and interface.

Configure the new router and interface to export netflow.

grep through all scripts, config files, /etc/init files, etc. for the old export IP, ifIndex and interface address. Replace with the new values. Check to see if there's some oddball script running under cron that expects a new export IP, ifIndex or interface address. Check to see if you need to create /var/run/flow*pid files for new port numbers if you decide to export netflow with a different port number. DOCUMENT everything you change in case you need to undo it or want to research what does what later.

Restart everything in sight, simultaneously rub your stomach and pat your head and say 'booboobaroo'. Hopefully the stats collection will restart.

I hope this helps,

Russell Dwarshuis
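
The search-and-replace step described in the reply above, as an added example that is not part of the original message: it matches the old export address as a whole token, keeps a pristine `.orig` copy of each changed file and logs every affected line. The addresses, file names and sample tree are constructed, and GNU grep and sed are assumed.

```shell
#!/bin/sh
# Added example; addresses, paths and file contents below are constructed.

# Print file:line:text for each line that mentions VALUE as a whole token.
# -F matches literally (dots are not wildcards) and -w rejects near misses
# such as 10.0.0.10 or 110.0.0.1 when looking for 10.0.0.1.
find_refs() {
    value=$1; shift
    grep -rnwF -- "$value" "$@"
}

# Replace OLD with NEW under the given directories. Every changed file
# keeps its first pristine copy as .orig and every affected line is
# appended to LOG. \< and \> are GNU sed word anchors; OLD must start and
# end with a letter, digit or underscore for them to apply.
replace_refs() {
    old=$1; new=$2; log=$3; shift 3
    # Collect the file list first; backups are never scanned or rewritten.
    files=$(grep -rlwF --exclude='*.orig' -- "$old" "$@") || return 0
    old_re=$(printf '%s' "$old" | sed 's/[][\\.*^$/]/\\&/g')
    new_re=$(printf '%s' "$new" | sed 's/[\\&/]/\\&/g')
    printf '# %s: %s -> %s\n' "$(date)" "$old" "$new" >> "$log"
    printf '%s\n' "$files" | while IFS= read -r f; do
        [ -e "$f.orig" ] || cp -p "$f" "$f.orig"
        grep -nwF -- "$old" /dev/null "$f" >> "$log"
        sed "s/\\<$old_re\\>/$new_re/g" "$f" > "$f.tmp" &&
            cat "$f.tmp" > "$f" && rm -f "$f.tmp"
    done
}

# Constructed sample tree standing in for /etc, cron scripts and the like.
make_sample_tree() {
    mkdir -p "$1/etc" "$1/cron"
    printf 'collector_ip 10.0.0.1 port 2055\n' > "$1/etc/flow.conf"
    printf 'COLLECTOR=10.0.0.1\nBACKUP=10.0.0.10\n' > "$1/cron/stats.sh"
    printf 'peer 110.0.0.1\n' > "$1/etc/other.conf"
}
```

Run `find_refs` first and read its output before calling `replace_refs`; a bare ifIndex such as a single digit will match many unrelated lines and is better reviewed by hand.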

Subject: [Flow-tools] flow-tools or flowscan? (help needed badly)
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain;  charset="iso-8859-1"

Hi,

Ok, here's my situation:

I am just a beginner sysadmin... We have an existing setup (flowscan, flow-capture,
rancid, postgresql) which was configured by the former (more talented) admin
on one machine. I am working for an R&D ISP. A few days ago, we upgraded
our Internet link to 155Mbps. Now the mrtg graph shows an enormous amount of
traffic. Our director wants to know if that traffic is legitimate or just
some DoS attacks. No problem, sir, let's take a look at our netflow protocol
grapher... after choosing the necessary protocols to graph... holy cow!! it's
not working... don't worry, I'll fix this thing asap sir.. In order to fix
it... my general rule for all the services I have configured before... start
them all from scratch to be able to learn how the bits and pieces work together.

Now, back into my problem...
1. I know the enable key to our routers (cisco 7206, 3640 - 12.2)
2. I know very few commands....(no problem, I'll just leave the router
configuration to him.)
3. So far here are the necessary steps I have in mind. (Please fill in the
missing steps or the missing software needed for me.. I just need an overview
of the things to be done as well as the software packages needed.)

1. choose a particular interface on the router where I want the ip route-cache
flow to be enabled (this one is tricky... there are so many interfaces...
Can't I just enable ip route-cache flow on all those interfaces?)

2. configure the router to export its netflow to a machine running
flow-capture listening on a particular flow...

flowscan manual recommends these commands:
ip flow-export version 5 peer-as
ip flow-export destination 10.0.0.1 2055

Steps 1 and 2 on the router... is that all??? Did I miss anything?


3. Now on the machine... Here is the software which I am thinking of to do all
that sort of accounting stuff..

3.1 flow-tools (consists of different tools, I only know 1, the flow-capture,
used to capture the netflow being exported by the cisco router.. also I have
read some emails suggesting its use rather than using cflowd.)

3.2 flow-scan
I really don't have a clear idea of what is its purpose... aren't the rest of
the flow- tools enough to do the job???

4. RRD (round robin database)
It was installed automatically on flowscan freebsd ports installation. Don't
know why the former admin used postgresql instead.

5. Web server (apache perhaps... no problem with this)

6. The web interface of our netflow grapher uses CUGrapher.pl (Don't know what
software these scripts are part of)


Our web interface resides here: http://netflow.pregi.net
It contains various links for the documentation of the applications used, but
I guess it's not quite complete.

Flow-tools
patch for flow-tools for exporting to postgresql
Flowscan
Cflow ????? (was this software used together with flow tools??)
CUFlow
Postgresql (why not RRD???)

That's all for now (it's almost 1pm and I need to have some lunch.. I'm
starving).. Thank you very much for your time.
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
