Hello Chris, Have you ever looked at Qosient Argus (http://qosient.com/argus/). I believe it has what you are looking for.
I have played (extremely basic setup) with it on Linux, have not tried to compile on OpenBSD. Thanks, Mike On Mar 2, 2014, at 12:58 PM, Chris Jones <jo...@chrisdavid.ca> wrote: > Good morning folks, > > I'm looking for advice on a freely available IPFIX probe/sensor for flow > export of our company's corporate firewall (Juniper SRX) traffic. An > unfortunate limitation of these firewalls is that J-Flow (Juniper's > version of Netflow) is unsupported when operating in an HA firewall > cluster (which we have). I could replace the firewalls with a pair of > OpenBSD firewalls, and would prefer this, however I'm unable to at this > point for reasons I won't get into. > > I've setup port-mirroring on our Brocade ICX switch that monitors all > the SRX firewall interfaces and mirrors to an interface on an OpenBSD > 5.4 server I setup to act as sensor/collector. I'd like to be able > promiscuously capture the mirror port traffic and export in IPFIX format > to something like NfSen/NFDUMP. The sensor solution needs to support > 802.1q as we have several VLAN interfaces on the firewall so traffic > sampled from the mirror-port interface contains both tagged and untagged > traffic. > > I've tried using softflowd exporting to flowd but it doesn't seem to > support 802.1q or IPFIX (yet). Any other suggestions or advice is > greatly appreciated. > > Cheers, > -Chris
