| 1 | How to setup Netflow for FreeBSD and Linux. |
|---|
| 2 | |
|---|
| 3 | On FreeBSD: |
|---|
| 4 | |
|---|
| 5 | /usr/sbin/ngctl -f- <<-SEQ |
|---|
| 6 | mkpeer re0: netflow lower iface0 |
|---|
| 7 | name re0:lower netflow |
|---|
| 8 | connect re0: netflow: upper out0 |
|---|
| 9 | mkpeer netflow: ksocket export inet/dgram/udp |
|---|
| 10 | msg netflow:export connect inet/10.10.0.250:2222 |
|---|
| 11 | SEQ |
|---|
| 12 | |
|---|
| 13 | ... wbere re0 is for example the interface inside or outside |
|---|
| 14 | |
|---|
| 15 | By default it's v5 flows. Interval is fixed. |
|---|
| 16 | |
|---|
| 17 | On Linux: |
|---|
| 18 | |
|---|
| 19 | [Hervey] |
|---|
| 20 | |
|---|
| 21 | To see not just the inside->outside traffic, but also |
|---|
| 22 | the traffic generated by the noc machine itself, the trick is |
|---|
| 23 | to use INTERFACE="any" in /etc/default/softflowd. |
|---|
| 24 | |
|---|
| 25 | [Brian] |
|---|
| 26 | |
|---|
| 27 | To see IPv6 flows use -v 9. To break up long-lived flows use -t maxlife=5m |
|---|
| 28 | |
|---|
| 29 | ~~~ |
|---|
| 30 | INTERFACE="br-lan" |
|---|
| 31 | OPTIONS="-n 10.10.0.250:9991 -v 9 -t maxlife=5m" |
|---|
| 32 | ~~~ |
|---|
| 33 | |
|---|
