Since version 3 of opFlow the default listening port is the more-or-less standard port 9995; for instructing nfdump/nfcapd to use a different port see the opFlow 3 Installation Guide.
(In legacy version 2.x, a different flow collector was used, and the default port was 12345; instructions for changing that can be found in the opFlow 2.x Installation Guide.)
The following is a basic Cisco router configuration for telling the router to send NetFlow data to opFlow.
! this command is optional; it exports data about in-progress flows, very handy for large file transfers.
ip flow-cache timeout active 1
! version can be 5 or 9; with 9, add an IPv4 template
ip flow-export version 5
ip flow-export destination <opflow_server> 9995
!
interface FastEthernet0/0
 ! only if you want input traffic
 ip flow ingress
 ! only if you want output traffic
 ip flow egress
To keep things simple, if you are only looking at IPv4 traffic then use the Version 5 J-Flow example shown below.
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                sampling {
                    input;
                    output;
                }
            }
        }
    }
}
forwarding-options {
    sampling {
        input {
            # This means 1 in every 100 packets is sampled. DO NOT reduce this to 1
            # unless the router is very lightly loaded.
            rate 100;
        }
        family inet {
            output {
                flow-server 192.168.1.1 {
                    port 12345;
                    # Version 5 is simplest but only supports IPv4
                    version 5;
                }
            }
        }
    }
}
J-Flow version 9 supports other protocols such as IPv6 and MPLS. To get good results we recommend you still only use a template for IPv4 with Version 9. There are some subtle differences in the config for the SRX models, so please refer to J-Flow SRX version 9 Config Examples.
I will discuss a very basic configuration.
On the interface you want to collect flow traffic from, add:
ip flow ingress
ip flow egress
Now that you have an interface set up to gather NetFlow information, you have to tell the router to send it somewhere:
ip flow-export version 9
! replace the ip address in the following line with your VM's ip address
ip flow-export destination 192.168.0.10 12345
If you enable that configuration, NetFlow traffic should now be sent to your VM.
By default NetFlow sends information about flows only after they have finished. If you would like to see information more often, you can set the flow-cache timeout, which is given in minutes; the following sends flow info every minute (see the docs for more details):
ip flow-cache timeout active 1
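To confirm that exports are reaching the server and carry the version you configured, the following added example (not part of the original guide or of opFlow) decodes a NetFlow export datagram and reports its version and, for version 5, its flow records. The function names and the sample datagram are constructed for illustration, and receive_one assumes the collector has been stopped so the port is free to bind.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def inspect_export(datagram: bytes) -> dict:
    """Report the export version and, for v5, decode each flow record."""
    if len(datagram) < 4:
        raise ValueError("datagram too short to be a NetFlow export")
    version, count = struct.unpack_from("!HH", datagram)
    if version == 9:
        # v9 is template based; records cannot be decoded without the template.
        return {"version": 9, "count": count, "flows": []}
    if version != 5:
        raise ValueError(f"unexpected export version {version}")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError(f"length {len(datagram)} does not match record count {count}")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "packets": f[5], "octets": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[13]})
    return {"version": 5, "count": count, "flows": flows}

def build_sample_v5() -> bytes:
    """Constructed one-record v5 datagram (documentation addresses), for offline use."""
    header = V5_HEADER.pack(5, 1, 60000, 1700000000, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(
        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"),
        socket.inet_aton("0.0.0.0"), 1, 2, 10, 4200, 1000, 59000,
        51515, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return header + record

def receive_one(port: int = 9995, timeout: float = 90.0) -> dict:
    """Wait for one export on the collector port (assumes the collector is
    stopped, since it normally holds the port). Raises socket.timeout if nothing arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        data, (exporter, _) = sock.recvfrom(65535)
    return {"exporter": exporter, **inspect_export(data)}

if __name__ == "__main__":
    print(inspect_export(build_sample_v5()))
```

Pass the port your router's export destination line uses (9995 for opFlow 3, 12345 in the 2.x examples) to receive_one; with the one-minute active timeout set, an export should arrive within the default 90-second wait.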
opFlow will now be displaying your data! Visit http://<vm_ip_address>/cgi-omk/opFlow.pl and take a look! (Also make sure you have a license.)
P.S. Authentication info for Opmantek modules is the same as it is for NMIS; the default is:
username: nmis
password: nm1888
For more information and help with opFlow, see its community homepage.