[194922] in North American Network Operators' Group
Re: Proxying NetFlow traffic correctly
daemon@ATHENA.MIT.EDU (=?UTF-8?B?SsOpcsO0bWUgRmxldXJ5?=)
Thu Jun 8 01:03:12 2017
X-Original-To: nanog@nanog.org
In-Reply-To: <X5NQb1U3i7cGQ-2WNAeEgksMbcc-k81yeYg8bb_U5cXWn2OfOq34iaOpoQnvSqG6x0WV4PTvFVu_lxYW-3mn1sYQMZgMGRStIyxmwUNP3Bw=@protonmail.com>
From: =?UTF-8?B?SsOpcsO0bWUgRmxldXJ5?= <jerome@fleury.net>
Date: Wed, 7 Jun 2017 22:02:48 -0700
To: Sami <samiii@protonmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
We use pmacct with it's tee plugin - it gets the job done beautifully and
it's a one-liner config.
https://github.com/pmacct/pmacct/blob/master/CONFIG-KEYS
On Tue, Jun 6, 2017 at 2:43 PM, Sami via NANOG <nanog@nanog.org> wrote:
> Hello,
> I have been searching for a solution that collects/duplicates NetFlow
> traffic properly for a while but i couldn't find any.
> Do you know any good unix alternative to ntopng, flowd, flow-tools?
>
> nprobe of netflow seems to be the closest one to fit my needs but i want
> to see if there are any other solution.
>
> My goal is to centralize NetFlow traffic into a single machine and then
> proxy some flows to other destinations for further analysis
>
> Best Regards,
> Sami
