How to generate netflow data in linux

linux networking monitoring linux-networking netflow
42,031

Solution 1

You should check IPT-NETFLOW, it seems exactly what you need implemented as a kernel module for IPTABLES. It is actively maintained and used succesfully in some ISP so should be good enough. Documentation could be better though (look into README file).

Solution 2

ntop will do it, but is probably not the best choice. Definitely check out pmacct; it's designed exactly for this. From the feature list:

  • Collects data through libpcap, Netlink/ULOG, NetFlow v1/v5/v7/v8/ - v9, sFlow v2/v4/v5 and IPFIX
  • Saves data to a number of backendsincluding memory tables, MySQL, PostgreSQL, SQLite and BerkeleyDB
  • Exports data to remote collectors through IPFIX, NetFlow v5/v9 andsFlow v5
  • Replicates incoming IPFIX, NetFlow and sFlow packets to remote collectors

Among many other things.

Solution 3

Here's a newer project for collecting and analyzing NetFlow data on Linux: ElastiFlow

Share:
42,031

Related videos on Youtube

Richard Keller
Author by

Richard Keller

Updated on September 18, 2022

Comments

  • Richard Keller
    Richard Keller almost 2 years

    We have a number of Linux servers for which I would like to capture netflow data to be processed by a netflow analyzer. I've been spoiled by the ease in which Mikrotik routers allow netflow data generation, but I haven't managed to find an opensource tool that is able to generate netflow data for multiple interfaces on a Linux system.

    I have come across fprobe but it seems quite buggy. Admittedly I haven't spent much time with it yet since I'd also like to evaluate some other possibilities. The other tool I've seen mentioned is nprobe, which appears to be GPL, but is not available as a free download since it is only offered for a fee.

    The servers on which I plan to generate netflow data are all Gentoo systems, but this shouldn't really make any difference. At most it means I would have to manually compile a tool from source.

    Summary: I'm looking for an opensource netflow generator that will work on Linux and allows capturing flows for multiple interfaces.

  • Wim Kerkhoff
    Wim Kerkhoff almost 13 years
    I don't like the idea of having to compile custom kernel modules - that can affect stability, unless indeed it's a very well tested and stable module...
  • Florian Heigl
    Florian Heigl over 8 years
    This isn't freebsd where such software can be developed against already in place kernel features like netgraph. Hardly any way to do this without a custom module. The good thing (and that's why i'm commenting) is that the sources are now on github and it also has dkms support now. Looks pretty good. github.com/aabc/ipt-netflow

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Can conky monitor other Linux computers on the network?
App or apps like NetLimiter Monitor for Linux
How to get real-time network statistics in Linux with KB/MB/Bytes format and for specific port or application processID?
How to track LAN usage? (AKA 'top for LAN')
Is there a way to find out what application using most of bandwidth in Linux?
What are the pros and cons of large receive offload (LRO) vs generic receive offload (GRO)
Error while bringing up eth1
Bridge interface for KVM VMs with access to Internet?
Server becomes unreachable and comes back up on its own (most likely a network issue)
Linux block outgoing traffic to a specific ip without iptables