On 2.3.2014. 21:04, Hrvoje Popovski wrote:
> On 2.3.2014. 18:58, Chris Jones wrote:
>> Good morning folks,
>>
>> I'm looking for advice on a freely available IPFIX probe/sensor for flow
>> export of our company's corporate firewall (Juniper SRX) traffic. An
>> unfortunate limitation of these firewalls is that J-Flow (Juniper's
>> version of Netflow) is unsupported when operating in an HA firewall
>> cluster (which we have). I could replace the firewalls with a pair of
>> OpenBSD firewalls, and would prefer this, however I'm unable to at this
>> point for reasons I won't get into.
>>
>> I've set up port-mirroring on our Brocade ICX switch that monitors all
>> the SRX firewall interfaces and mirrors to an interface on an OpenBSD
>> 5.4 server I set up to act as sensor/collector. I'd like to be able to
>> promiscuously capture the mirror port traffic and export in IPFIX format
>> to something like NfSen/NFDUMP. The sensor solution needs to support
>> 802.1q as we have several VLAN interfaces on the firewall so traffic
>> sampled from the mirror-port interface contains both tagged and untagged
>> traffic.
>>
>> I've tried using softflowd exporting to flowd but it doesn't seem to
>> support 802.1q or IPFIX (yet). Any other suggestions or advice is
>> greatly appreciated.
>>
>> Cheers,
>> -Chris
>>
>
> Hi,
>
> maybe you could try http://www.pmacct.net/
>
Or you could export sFlow (I know it's not IPFIX) from the switch directly to nfdump.