On 2.3.2014. 18:58, Chris Jones wrote: > Good morning folks, > > I'm looking for advice on a freely available IPFIX probe/sensor for flow > export of our company's corporate firewall (Juniper SRX) traffic. An > unfortunate limitation of these firewalls is that J-Flow (Juniper's > version of Netflow) is unsupported when operating in an HA firewall > cluster (which we have). I could replace the firewalls with a pair of > OpenBSD firewalls, and would prefer this, however I'm unable to at this > point for reasons I won't get into. > > I've setup port-mirroring on our Brocade ICX switch that monitors all > the SRX firewall interfaces and mirrors to an interface on an OpenBSD > 5.4 server I setup to act as sensor/collector. I'd like to be able > promiscuously capture the mirror port traffic and export in IPFIX format > to something like NfSen/NFDUMP. The sensor solution needs to support > 802.1q as we have several VLAN interfaces on the firewall so traffic > sampled from the mirror-port interface contains both tagged and untagged > traffic. > > I've tried using softflowd exporting to flowd but it doesn't seem to > support 802.1q or IPFIX (yet). Any other suggestions or advice is > greatly appreciated. > > Cheers, > -Chris >
Hi, maybe you could try http://www.pmacct.net/
