i would like ot know if this is a feasible scenario with pmacct:
- Receive Netflow Data (v5/v9)
- Enrich them with BGP Data
- Send it via amqp to rabbitmq
- Send it via nfprobe to other netflow collector (with filtering of
src/dst networks, as the collector should only get a specific src/dst
The first 4 parts i'm able to validate on my own and set them
successfully up (additional write broker informations to influx and use
grafana to show them ... maybe some bps recalculation issues ...).
But i think the last part isn't possible with the current pmacct
implementation. I tried with tee plugin, but it is marely exclusive and
disallows filtering of internal netflow informations like src/dst.
Additional i thought about nfacctd + nfprobe plugin but this is not
possible. And an option to "replicate" or store my enriched netflow
information in a format which can be feeded to pmacct + nfprobe isn't
available, or maybe i can't find them.
Is there a solution for my conditions?
http://weiti.org - we...@weiti.org
GPG Fingerprint - E704 7303 6FF0 8393 ADB1 398E 67F2 94AE 5995 7DD8
pmacct-discussion mailing list