Re: [Nfdump-discuss] Multiple sources for nfsen and nfdump questions
netflow collecting and processing tools
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfdump-discuss] Multiple sources for nfsen and nfdump questions
|
From: Peter H. <ha...@sw...> - 2006-02-15 15:38:29
|
-----BEGIN PGP SIGNED MESSAGE----- Addition: My colleague Simon Leinen maintains the samplicator software <http://www.switch.ch/tf-tant/floma/sw/samplicator/> According to him it should be possible, to collect flows, sent to a single port and resend the packets to a different port based on the source address of the packet. This would solve your problem. - Peter - --On February 15, 2006 12:40:17 +0100 Chelo Malagon <che...@re...> wrote: | Hello all, | I have two questions for the list. | We have thinking on putting into production nfsen+nfdump in our network | (RedIRIS, Spanish Reserach and academic network). We are talking | about feeding nfsen with 31 sources (all the routers in our | backbone). Has anybody experience about working with this hight | number of sources in nfsen? Till now, I have been testing nfsen with | a few sources (two or three). | | Another two questions are related to nfdump. The first one is: is it | possible to use flow-capture format file together with nfsen (I | think flow-export utility in flow-tools suit allow to export flows to | the nfdump format). The other is, as our | network is already configured, all | the routers (the 31 mentioned above) send flows to the | flow machine at the same UDP port. As far as I know one | nfcapd process is needed for each netflow stream, so I presume if I | have just one nfcapd process listening in that port the nfsen is not | going to work properly, right? and the only solution could be to | procees what arrives to that UDP single port with flow-fanout tool, | spliting the flows according to the src router and send each | flow to one UDP local port, having an nfcapd pocess listening in each | port as usual. Any other solution? | | Thanks in advance | Chelo | | | | | ------------------------------------------------------- | This SF.net email is sponsored by: Splunk Inc. Do you grep through log files | for problems? Stop! Download the new AJAX search engine that makes | searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! | http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 | _______________________________________________ | Nfdump-discuss mailing list | Nfd...@li... | https://lists.sourceforge.net/lists/listinfo/nfdump-discuss | - -- _______ SWITCH - The Swiss Education and Research Network ______ Peter Haag, Security Engineer, Member of SWITCH CERT PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland E-mail: pet...@sw... Web: http://www.switch.ch/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iQCVAwUBQ/NK5f5AbZRALNr/AQG5DgP/XQyflCaGYF3Dw6TJ5uuBmooVo5OKpLXa Jt3a5yTJyCG9dNXp09PwBZkTgLwU/x8PT9pIZlM1fzMMFkz6W3e9lrDyXg0+gJsO BxlBJL73+WSOIlaDLkPneLN9ZKEWZSVdeb74hwKKgbbthp2jpL2ZEMwCG2Qz/CHL aC9L2+3k9C8= =b8Iv -----END PGP SIGNATURE----- |