On 12/06/2013, at 9:47, "Scott, Brian" <[email protected]> wrote: >> I was looking at trying out flow monitoring and I found pfflowd, but >> unfortunately it does not work with FreeBSD >9.0. I thought about ng_netflow >> but that doesn't >see my tun interface which may be related to.. >> WARNING: attempt to domain_add(netgraph) after domainfinalize() > > Noise message. I've never seen it actually mean anything. > > The problem is that tun0 is a generic network interface. Ng_ether only > exposes Ethernet devices. The equivalent to tun but for an Ethernet device is > tap. Creating a tap device after boot immediately creates the corresponding > ng_ether node which can then be plumbed into ng_netflow.
OK, for some reason I thought NG would add nodes to mirror every network interface but that was wrong.. > Some software is kind enough to work with either tun or tap as a configurable > option. Unfortunately I am using ppp which doesn't :( >> Does anyone have any recommendations for generating flow information from PF? > > I've had great success with ng_netflow. I like the fact that all the > processing is in-kernel. Yeah, that is one reason I looked at it. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[email protected]"
