Hi! I am looking for a free, high-performance netflow probe for a linux box. Ths box is routing max. 100 Mbit traffic and has two 1.2 GHz Xeon CPUs and lots of RAM.
I'd like to aggregate with host breadown (for a small internal net with about 100 hosts) or maybe on port, using a small ports_file. I'm planning to collect this netflow on another host using nfacctd. So far, I'm thinking about three possible solutions: - pmacctd using libpcap-mmap and the nfprobe plugin - fprobe and libpcap-mmap - fprobe-ulog and iptables ULOG targets How about your experiences with these approaches? Which is the most preferrable one? Are there any advantages/disadvantages in using sflow instead of netflow? Cheers, --leo -- e-mail ::: Leo.Bergolth (at) wu-wien.ac.at fax ::: +43-1-31336-906050 location ::: Computer Center | Vienna University of Economics | Austria _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
