On Mar 29, 2006, at 11:19 AM, Bart Van Kerckhove wrote:
Dear list,
I have been looking into ng_netflow lately for traffic analyzing.
It seems that this would do everything i'd ever need - though I
have a hard
time tracking down (working) examples, or FAQ's/howto's/documentation.
I've done the most obvious things, googled it, searched the -net
lists, but
to no (useful) effect.
I was wondering if this list could provide me with any useful links
or info
regarding ng_netflow. That would be greatly appreciated!
Script that is working on one of my systems (fxp0 is its only
interface):
kldload ng_ether
kldload ng_ksocket
kldload ng_tee
kldload ng_netflow
# Tap interface
ngctl mkpeer fxp0: tee lower right
ngctl name fxp0:lower tee0
ngctl connect fxp0: tee0: upper left
# Hook up netflow to tap
ngctl mkpeer tee0: netflow right2left iface0
ngctl name tee0:right2left netflow0
ngctl connect tee0: netflow0: left2right iface1
# Hook up netflow export to ksocket
ngctl msg netflow0: setifindex { iface=0 index=1 }
ngctl msg netflow0: setifindex { iface=1 index=2 }
ngctl mkpeer netflow0: ksocket export inet/dgram/udp
ngctl name netflow0:export nfexport
ngctl msg nfexport: connect inet/127.0.0.1:9996
Then you just need something to capture the netflow data like
ports/net-mgmt/flow-tools. You can also change 127.0.0.1 to any
routable host and the netflow packets will be sent to that host.
Hope this helps,
--
DaveD
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
