On 03/13/18 16:39, Paul Ammann wrote: > I've got a problem and I'm hoping OBSD may be able to solve my problem. > > We bought new firewalls in 2017, but they can only send flow traffic to a > single destination. We need to send flow traffic to 3 destinations.
How do you generate the flows? pflow(4) or some other method? > I have a copy of Michael Lucas' book Network Flow Analysis, and I've been > reading about flow-tools and flowd. Unfortunately there doesn't seem to have > been a lot of development on these tools since 2010. > > Are there any other tools that I may have missed that would help me solve my > problem? I had to check by configuring a second pflow interface on my home gateway here, and it seems you can indeed have more than one pflow interface (the other option that comes to mind is some fairly specific rules for your netflow data with dup-to, but that may be pushing the number of hoops to jump through too far). Michael's book is probably still the best reference on netflow. I describe a setup with pflow and nfsen at http://bsdly.blogspot.com/2014/02/yes-you-too-can-be-evil-network.html - that post is from 2014 but the basics should still apply. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
