* netflow
@ 2011-07-14 14:19 Usuário do Sistema
2011-07-14 15:04 ` netflow Jan Engelhardt
0 siblings, 1 reply; 3+ messages in thread
From: Usuário do Sistema @ 2011-07-14 14:19 UTC (permalink / raw)
To: Mail List - Netfilter
Hello,
I'm researching about netflow on linux. I wish that an linux machine
forwards it flows to a colletor netflow inside my network.
my doubt is how to generate this netflow on linux. I've added the
ipt_netflow-1.6.tgz module and I created some rules as bellow in
iptables:
iptables -A OUTPUT -j NETFLOW
iptables -A OUTPUT -j NETFLOW
I'm forwarding the flows to my netflow collector with modprobe
ipt_NETFLOW destination=10.10.10.1:2055
so...my question is there is other different way to generate netflows
on linux machine than add rules in the iptables and add ipt_netflow
module ??
thank!
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: netflow
2011-07-14 14:19 netflow Usuário do Sistema
@ 2011-07-14 15:04 ` Jan Engelhardt
2011-07-14 15:17 ` netflow Peter Phaal
0 siblings, 1 reply; 3+ messages in thread
From: Jan Engelhardt @ 2011-07-14 15:04 UTC (permalink / raw)
To: Usuário do Sistema; +Cc: Mail List - Netfilter
On Thursday 2011-07-14 16:19, Usuário do Sistema wrote:
>Hello,
>
>I'm researching about netflow on linux. I wish that an linux machine
>forwards it flows to a colletor netflow inside my network.
>
>my doubt is how to generate this netflow on linux. I've added the
>ipt_netflow-1.6.tgz module and I created some rules as bellow in
>iptables:
>
>iptables -A OUTPUT -j NETFLOW
>iptables -A OUTPUT -j NETFLOW
>
>I'm forwarding the flows to my netflow collector with modprobe
>ipt_NETFLOW destination=10.10.10.1:2055
>
>so...my question is there is other different way to generate netflows
>on linux machine than add rules in the iptables and add ipt_netflow
>module ??
You could use -j TEE to send the original packets to a dedicated logging
host, and then do netflow (or any other logtype) analysis there.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: netflow
2011-07-14 15:04 ` netflow Jan Engelhardt
@ 2011-07-14 15:17 ` Peter Phaal
0 siblings, 0 replies; 3+ messages in thread
From: Peter Phaal @ 2011-07-14 15:17 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Usuário do Sistema, Mail List - Netfilter
Another option is to use netfilter's packet sampling/ULOG facilities
to monitor network traffic.
You can export the traffic as sFlow:
http://host-sflow.sourceforge.net/
or NetFlow:
http://www.pmacct.net/
2011/7/14 Jan Engelhardt <jengelh@medozas.de>:
> On Thursday 2011-07-14 16:19, Usuário do Sistema wrote:
>
>>Hello,
>>
>>I'm researching about netflow on linux. I wish that an linux machine
>>forwards it flows to a colletor netflow inside my network.
>>
>>my doubt is how to generate this netflow on linux. I've added the
>>ipt_netflow-1.6.tgz module and I created some rules as bellow in
>>iptables:
>>
>>iptables -A OUTPUT -j NETFLOW
>>iptables -A OUTPUT -j NETFLOW
>>
>>I'm forwarding the flows to my netflow collector with modprobe
>>ipt_NETFLOW destination=10.10.10.1:2055
>>
>>so...my question is there is other different way to generate netflows
>>on linux machine than add rules in the iptables and add ipt_netflow
>>module ??
>
> You could use -j TEE to send the original packets to a dedicated logging
> host, and then do netflow (or any other logtype) analysis there.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-07-14 15:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-07-14 14:19 netflow Usuário do Sistema
2011-07-14 15:04 ` netflow Jan Engelhardt
2011-07-14 15:17 ` netflow Peter Phaal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.