Re: ipfix/netflow/sflow generator for Linux

On Dec 7, 2010, at 8:27 PM, Thomas York wrote: > Yes, you can statically set it but that will drastically skew the data in > this environment. What are you attempting to do that northbound/southbound isn't Good Enough? --- R

RE: ipfix/netflow/sflow generator for Linux

t ticket with ipcad to fix the interface numbering issue. http://tinyurl.com/32pjyfa From: packetmon...@gmail.com [mailto:packetmon...@gmail.com] On Behalf Of Darren Bolding Sent: Monday, December 06, 2010 8:57 PM To: Thomas York Subject: Re: ipfix/netflow/sflow generator for Linux We&#x

Re: ipfix/netflow/sflow generator for Linux

>fprobe doesn't work properly because it has the input and output interface >IDs as both 0. fprobe-ulog fixes this. From the http://fprobe.sourceforge.net/ front page: fprobe-ulog - libipulog-based fork of fprobe. It obtains packets through linux netfilter code (iptables ULOG tar

Re: ipfix/netflow/sflow generator for Linux

Try PMACCT, it is pretty handy. Yiming On 12/06/2010 01:15 PM, Thomas York wrote: At my current place of work, we use all Linux routers. I need to do some IP accounting/reporting and am currently trying to use Scrutinizer. Scrutinizer can use netstream, jstream, ipfix, netflow, and sflow data w

Re: ipfix/netflow/sflow generator for Linux

On Dec 7, 2010, at 4:24 AM, Thomas York wrote: > It can, but then you are setting the input/output IDs statically. That would > work fine if your router only had 2 interfaces. With a probe of this type, northbound/southbound tagging is generally sufficient, in my experience (i.e., let's not ma

RE: ipfix/netflow/sflow generator for Linux

ginal Message- From: Dobbins, Roland [mailto:rdobb...@arbor.net] Sent: Monday, December 06, 2010 4:20 PM To: North American Network Operators Group Subject: Re: ipfix/netflow/sflow generator for Linux On Dec 7, 2010, at 3:44 AM, Thomas York wrote: > fprobe doesn't work properly becau

Re: ipfix/netflow/sflow generator for Linux

On Dec 7, 2010, at 3:44 AM, Thomas York wrote: > fprobe doesn't work properly because it has the input and output interface > IDs as both 0. IIRC, this can be altered via a config change. --- Roland Dobbins //

RE: ipfix/netflow/sflow generator for Linux

ginal Message- From: Samuel Petreski > [mailto:sp...@georgetown.edu] Sent: Monday, December 06, 2010 3:38 PM > To: 'Thomas York'; nanog@nanog.org Subject: RE: > ipfix/netflow/sflow generator for Linux > > I've used fprobe with great success. You can run multiple ins

Re: ipfix/netflow/sflow generator for Linux

'Thomas York'; nanog@nanog.org Subject: RE: ipfix/netflow/sflow generator for Linux I've used fprobe with great success. You can run multiple instances of fprobe for the different interfaces. --Samuel fprobe: a NetFlow probe - libpcap-based tool that collects network traffic data and e

RE: ipfix/netflow/sflow generator for Linux

seems to be the issue with most of the flow software I've tried. -Original Message- From: Samuel Petreski [mailto:sp...@georgetown.edu] Sent: Monday, December 06, 2010 3:38 PM To: 'Thomas York'; nanog@nanog.org Subject: RE: ipfix/netflow/sflow generator for Linux I'

RE: ipfix/netflow/sflow generator for Linux

I've used fprobe with great success. You can run multiple instances of fprobe for the different interfaces. --Samuel fprobe: a NetFlow probe - libpcap-based tool that collects network traffic data and emit it as NetFlow flows towards the specified collector. WWW: http://sourceforge.net/project

Re: ipfix/netflow/sflow generator for Linux

On Mon, Dec 06, 2010 at 02:15:10PM -0500, Thomas York wrote: > I've had the best luck with ipcad. The only thing that seems to not work > with it is that it doesn't correctly give the interface number in the flow > information. It refers to all interfaces as interface 65535. I've tried the > config

Re: ipfix/netflow/sflow generator for Linux

IPtraf can be setup to look at flows per-block, per interface, per vlan, etc and export the data every minute / 5 minutes. Back in the day I had it scripted to dump data into rrdtool and give pretty graphs. See the man page, it's well written. Cheers, -Jack Carrozzo On Mon, Dec 6, 2010 at 2:15 P