[133215] in North American Network Operators' Group
ipfix/netflow/sflow generator for Linux
daemon@ATHENA.MIT.EDU (Thomas York)
Mon Dec 6 14:15:22 2010
From: "Thomas York" <straterra@fuhell.com>
To: <nanog@nanog.org>
Date: Mon, 6 Dec 2010 14:15:10 -0500
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

At my current place of work, we use all Linux routers. I need to do some IP
accounting/reporting and am currently trying to use Scrutinizer. Scrutinizer
can use netstream, jstream, ipfix, netflow, and sflow data without qualms.
My only issue is that I can't seem to find any good software for Linux that
works with multiple interfaces to generate the flow information. I've tried
ndsad, nprobe, softflowd, host sflow, and ipcad without much luck. Most of
the software only works on one interface (which is useless as I need to do
accounting for numerous interfaces).

I've had the best luck with ipcad. The only thing that seems to not work
with it is that it doesn't correctly give the interface number in the flow
information. It refers to all interfaces as interface 65535. I've tried the
config option for ipcad to map an interface directly to an SNMP interface
ID, but that option of the config file seems to be ignored.

Ntop functionally does exactly what I need, but it's extremely buggy. It
segfaults after a few minutes, regardless of Linux distro or Ntop version.

So... any ideas on what I can do to get good flow information from our Linux
routers?