Hello,
I am running OpenBSD 5.1 as a gateway device with 4 interfaces and am
using pflow with the IPFIX protocol.
I have read over the docs but it is not clear if I can run a netflow sensor /
emitter per interface? If so then on the netflow server I could query by
sensor. The other thing that came to mind is in the past with a different
vendor I have set up netflow emitters on a per-interface basis (normally one per
gateway device still), now pflow does not seem to support that because it is
determined by pf from my understanding, is that correct?
So should I only tag (pflow) on rule sets that are on the external interface
and make sure it is on the "in" and "out" rule sets?
Any help is appreciated.
Thanks
Michael