The latest version of Host sFlow adds support for ULOG traffic
monitoring (with ingress/egress ifIndex numbers):
http://host-sflow.sourceforge.net/
Cheers,
Peter
My only issue is that I can't seem to find any good software for Linux that
works with multiple interfaces to generate the flow
the interface numbering issue.
http://tinyurl.com/32pjyfa
From: packetmon...@gmail.com [mailto:packetmon...@gmail.com] On Behalf Of
Darren Bolding
Sent: Monday, December 06, 2010 8:57 PM
To: Thomas York
Subject: Re: ipfix/netflow/sflow generator for Linux
We've used nprobe with good success
On Dec 7, 2010, at 8:27 PM, Thomas York wrote:
Yes, you can statically set it but that will drastically skew the data in
this environment.
What are you attempting to do that northbound/southbound isn't Good Enough?
---
At my current place of work, we use all Linux routers. I need to do some IP
accounting/reporting and am currently trying to use Scrutinizer. Scrutinizer
can use netstream, jstream, ipfix, netflow, and sflow data without qualms.
My only issue is that I can't seem to find any good software for Linux
IPtraf can be setup to look at flows per-block, per interface, per vlan, etc
and export the data every minute / 5 minutes. Back in the day I had it
scripted to dump data into rrdtool and give pretty graphs. See the man page,
it's well written.
Cheers,
-Jack Carrozzo
On Mon, Dec 6, 2010 at 2:15
On Mon, Dec 06, 2010 at 02:15:10PM -0500, Thomas York wrote:
I've had the best luck with ipcad. The only thing that seems to not work
with it is that it doesn't correctly give the interface number in the flow
information. It refers to all interfaces as interface 65535. I've tried the
config
/projects/fprobe
--
Samuel Petreski
Sr. Security Analyst
Georgetown University
-Original Message-
From: Thomas York [mailto:strate...@fuhell.com]
Sent: Monday, December 06, 2010 2:15 PM
To: nanog@nanog.org
Subject: ipfix/netflow/sflow generator for Linux
At my current place of work, we
to be the issue with most of the flow software I've tried.
-Original Message-
From: Samuel Petreski [mailto:sp...@georgetown.edu]
Sent: Monday, December 06, 2010 3:38 PM
To: 'Thomas York'; nanog@nanog.org
Subject: RE: ipfix/netflow/sflow generator for Linux
I've used fprobe with great
: RE:
ipfix/netflow/sflow generator for Linux
I've used fprobe with great success. You can run multiple instances
of fprobe for the different interfaces.
--Samuel
fprobe: a NetFlow probe - libpcap-based tool that collects network
traffic data and emit it as NetFlow flows towards the specified
To: 'Thomas York'; nanog@nanog.org Subject: RE:
ipfix/netflow/sflow generator for Linux
I've used fprobe with great success. You can run multiple instances of
fprobe for the different interfaces.
--Samuel
fprobe: a NetFlow probe - libpcap-based tool that collects network
traffic data
On Dec 7, 2010, at 3:44 AM, Thomas York wrote:
fprobe doesn't work properly because it has the input and output interface
IDs as both 0.
IIRC, this can be altered via a config change.
---
Roland Dobbins rdobb...@arbor.net
Message-
From: Dobbins, Roland [mailto:rdobb...@arbor.net]
Sent: Monday, December 06, 2010 4:20 PM
To: North American Network Operators Group
Subject: Re: ipfix/netflow/sflow generator for Linux
On Dec 7, 2010, at 3:44 AM, Thomas York wrote:
fprobe doesn't work properly because it has
On Dec 7, 2010, at 4:24 AM, Thomas York wrote:
It can, but then you are setting the input/output IDs statically. That would
work fine if your router only had 2 interfaces.
With a probe of this type, northbound/southbound tagging is generally
sufficient, in my experience (i.e., let's not
Try PMACCT, it is pretty handy.
Yiming
On 12/06/2010 01:15 PM, Thomas York wrote:
At my current place of work, we use all Linux routers. I need to do some IP
accounting/reporting and am currently trying to use Scrutinizer. Scrutinizer
can use netstream, jstream, ipfix, netflow, and sflow data
fprobe doesn't work properly because it has the input and output interface
IDs as both 0.
fprobe-ulog fixes this. From the http://fprobe.sourceforge.net/ front page:
fprobe-ulog - libipulog-based fork of fprobe. It obtains packets
through linux netfilter code (iptables ULOG
15 matches
Mail list logo
