Re: ng_netflow documentation

From: David Duchscher <kreios@xxxxxxxxx>
Date: Wed, 29 Mar 2006 13:34:27 -0600

On Mar 29, 2006, at 11:19 AM, Bart Van Kerckhove wrote:

Dear list,

I have been looking into ng_netflow lately for traffic analyzing.
It seems that this would do everything i'd ever need - though I have a hard
time tracking down (working) examples, or FAQ's/howto's/documentation.
I've done the most obvious things, googled it, searched the -net lists, but
to no (useful) effect.
I was wondering if this list could provide me with any useful links or info
regarding ng_netflow. That would be greatly appreciated!

Script that is working on one of my systems (fxp0 is its only interface):

kldload ng_ether
kldload ng_ksocket
kldload ng_tee
kldload ng_netflow

# Tap interface
ngctl mkpeer fxp0: tee lower right
ngctl name fxp0:lower tee0
ngctl connect fxp0: tee0: upper left

# Hook up netflow to tap
ngctl mkpeer tee0: netflow right2left iface0
ngctl name tee0:right2left netflow0
ngctl connect tee0: netflow0: left2right iface1

# Hook up netflow export to ksocket
ngctl msg netflow0: setifindex { iface=0 index=1 }
ngctl msg netflow0: setifindex { iface=1 index=2 }
ngctl mkpeer netflow0: ksocket export inet/dgram/udp
ngctl name netflow0:export nfexport
ngctl msg nfexport: connect inet/127.0.0.1:9996

Then you just need something to capture the netflow data like
ports/net-mgmt/flow-tools. You can also change 127.0.0.1 to any
routable host and the netflow packets will be sent to that host.

Hope this helps,
--
DaveD

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

Prev by Date: Re: IPMI and bge (again)
Next by Date: Re: REMINDER: Re: HEADS UP: network stack and socket hackery over the next few weeks (fwd)
Previous by thread: 802.3ad?
Next by thread: Re: REMINDER: Re: HEADS UP: network stack and socket hackery over the next few weeks (fwd)
Index(es):
- Date
- Thread

Relevant Pages

ng_netflow/ipfw/bridge problems and Netflow best practices
... I'm trying to collect Netflow traffic from FreeBSD 5.4 machine. ... I'm running ng_netflow module and ngctl with following parameters to catch ... ngctl mkpeer xl1: tee lower right ... ngctl mkpeer xl1_tee: netflow left2right iface0 ...
(freebsd-net)
Re: ng_netflow and bridging firewall
... G> I'm newbie to ng_netflow and I'm trying to collect Netflow traffic from ... G> This FreeBSD has 3 interfaces and it acts as bridging firewall using IPFW2. ... G> I'm running ng_netflow module and ngctl with following parameters: ... G> ngctl mkpeer xl1: tee lower right ...
(freebsd-isp)
ng_netflow and bridging firewall
... I'm newbie to ng_netflow and I'm trying to collect Netflow traffic from ... I'm running ng_netflow module and ngctl with following parameters: ... ngctl mkpeer xl1: tee lower right ... Also how can I include first interface xl0 to the ng_netflow configuration? ...
(freebsd-isp)
ng_iface+ng_netflow trouble
... # ngctl connect vlan44: netflow: upper iface31 ... And I'm enter fixed commands (upper hook placed instead of lower hook): ...
(freebsd-net)
ng_netflow unable to capture data
... I have a netoptics fiber tap that I use to split out the transmit signal from each router and I run them into two fiber interfaces on my host. ... kldload ng_ether ... ngctl mkpeer ngeth0: tee lower right ...
(freebsd-net)