Configuring the Softflowd NetFlow Exporter
Softflowd is a software-only NetFlow exporter. You can use it to gather NetFlow traffic statistics if you don't have NetFlow-compatible routers or switches. Softflowd listens to traffic on an interface, and exports NetFlow v5 & v9 flow records to a program like InterMapper Flows.
Softflowd is open source software available from http://www.mindrot.org/projects/softflowd/. It runs on Linux, FreeBSD, and Mac OS X, but you must have a compiler and development environment to compile it from the source code. If you wish to run a software exporter on Windows, you should take a look at nProbe.
If you are prepared to install software directly from the source code, softflowd is fairly simple to install and use: you can install it on an old Linux, FreeBSD, or OSX box, and configure it to send the flows to InterMapper Flows. We use it for testing here, running on the host that provides our IPv6 tunnel to the rest of the Internet.
Although Dartware cannot give support for using softflowd, we have received reports that it works fine on FreeBSD and Linux.
Getting Softflowd
You can retrieve Softflowd from http://www.mindrot.org/projects/softflowd/. Scroll to the bottom of the page, and look for the "tar.gz" link under the Download heading. A cached tarball is also available.
Installation
Open a terminal window and change to the directory containing the "tar.gz" file. Before you build softflowd, verify that you have the development libraries for libpcap installed. If you don't, you can install libpcap-devel on RedHat systems using yum:
# yum install gcc
# yum install libpcap-develExpand the tarball and use the familiar configure; make; make install incantation:
# wget http://www.mindrot.org/files/softflowd/softflowd-0.9.8.tar.gz
# tar xfz softflowd-0.9.8.tar.gz
# cd softflowd-0.9.8
# ./configure --prefix=/opt/softflowd
# make
# make install
Once the software is installed, you can access the man pages for softflowd and softflowctl:
man -M /opt/softflowd/share/man softflowd
man -M /opt/softflowctl/share/man softflowctl
Running the Software
You must run softflowd from the command line. The following options are the most important:
- -v <version> - the version of NetFlow packets to export (5 or 9)
- -i <interface> - the interface to listen on, typically "eth0".
- -n <address>:<port> - IP address and port that should receive flow records
The command line might be:
/opt/softflowd/sbin/softflowd -v 9 -i eth0 -n 192.168.2.11:9996
This command will send flow records to InterMapper Flows at the IP address 192.168.2.11, on port 9996.
Execute File Path
/usr/local/sbin/softflowd
/usr/local/sbin/softflowctl
Man File Path
/usr/local/share/man/man8/softflowd.8
/usr/local/share/man/man8/softflowctl.8
留言列表
