
NetFlow is a very useful tool/protocol to monitor network traffic patterns. Many tools have been developed to collect and analyze NetFlow data; here I chose the flow-tools and FlowViewer packages, and I would like to show how to get them to work on a fresh Debian 5.0 (Lenny) setup.

There are two main packages involved in the solution: flow-tools, used to acquire and collect NetFlow data generated by our routers, and FlowViewer, used to process, view and paint them on nice graphs. The flow-tools package is made up of a lot of components, many of them transparently used by FlowViewer; here I'll focus on the flow-capture program, the one which acquires and collects the data. The FlowViewer package is split into 3 CGIs: FlowViewer, FlowGrapher and FlowTracker. They can be used through a web server and they let us analyze data collected by flow-capture. The package also contains 2 programs, FlowTracker_Collector and FlowTracker_Grapher, which run periodically and build MRTG-like graphs, storing data in RRD databases.

Acquiring data

First off, we need to acquire NetFlow data generated by our routers; flow-tools is the package we need:

apt-get install flow-tools

Let's edit the main configuration file, nf, where we tell flow-capture what we want to acquire and how we want to store it:

cd /etc/flow-tools

Its configuration file is pretty simple: it's made up of lines containing the command line arguments of flow-capture, and each line is used to run an instance of the program. You can execute man flow-capture to view all the arguments it accepts; here I used the following example:

# MYROUTER

So, I acquire data from MYROUTER, which sends NetFlow version 5 data from 192.168.0.1; this flow-capture instance will be listening on port 3001 of every local IP address (0.0.0.0) and it will store data in the /var/flows/MYROUTER directory, with a nesting level of type 3, that is, directories like /var/flows/MYROUTER/YYYY/YYYY-MM/YYYY-MM-DD/. It will keep files up to a maximum of 5 GB.

This may be a sample configuration for MYROUTER (Cisco), where 192.168.0.9 is the IP address of our NetFlow box:

ip flow-export source FastEthernet0/0.1

We just have to build the destination directories and then run the program:

mkdir -p /var/flows/MYROUTER
