- #NTOPNG NETFLOW COLLECTOR FOR FREE#
- #NTOPNG NETFLOW COLLECTOR SOFTWARE#
- #NTOPNG NETFLOW COLLECTOR CODE#
It comes bundled with a test collector script written in Perl.
#NTOPNG NETFLOW COLLECTOR CODE#
The projects website is outdated and the Google Code repository is dead, but was moved to Github. Softflowd is available on OpenWRT in version 0.9.9 (come on, make this a stable 1.0!). I kinda gave it a last lucky shot and entered ~# opkg find *flow*. Some customization later I set it aside, since I was still searching for a maintained OpenWRT solution - this was not it. I used a cubieboard tutorial to get a rough orientation and fired it up in a VM. But their frontends are either generic data aggregators or the package is not available for OpenWRT.
#NTOPNG NETFLOW COLLECTOR SOFTWARE#
The OpenWRT wiki has a list of possible software to be used for this. Searching for an alternative to ntop is not easy, since ntop clearly has a very good and tailored interface. There are some traces that there once was a package of nprobe (or better: a way to use ntop without nprobe) on OpenWRT until Barrier Breaker 14.07 - but the version is pretty old.
#NTOPNG NETFLOW COLLECTOR FOR FREE#
Too bad, since nprobe is not available for free so just playing around was not an option. ntop now works only bundled with nprobe, which works as a collector and/or proxy in front of ntop. It quickly turned out that newer versions of ntop do not anymore include a flow collector you need to save samples sent to your analyzer from your routing devices. I had ntop on my list for some time so I thought I could finally give it a shot. You can do this accessing the NetFlow statistics (menu Plugins -> NetFlow -> Statistics).When I restructured my network I wanted to test some more tools. Check if you have a firewall or similar blocking flows.At this point switch the ntop view to the netflow interface you have just created (menu Admin -> Switch NIC -> MyNetFlow)Īs soon as nProbe sends flows to ntop, the ntop web interface will show the flows being received.ntop automatically detects the flow version and decodes the flows without any further configuration.Local Collector UDP port: 2055 and click “Set Port”.MyNetFlow) and click “Set Interface Name”. NetFlow Device: pick a name you like (e.g.Inside the NetFlow plugin create a new virtual interface configured as follows:.Enable the NetFlow plugin (menu Plugins -> NetFlow -> Activate).In this case nProbe computes flows and sends them to host X on port 2055 Start nProbe as nprobe -i eth1 -n X:2055.The configuration to use is the following start ntop on host Y (note that both ntop and nProbe can run on the same host simultaneously).receive packets to account/analyze on interface eth1 of host X.In this configuration, nProbe captures packets from a network interface (or collects flows on a socket), computes flows based on packets, and sends them to ntop. As ntop has not been designed to operate on large/fast networks, it’s possible to use nProbe as pre-processor. NProbe is an efficient netflow/IPFIX probe that can also act as a collector dumpling flows on disk or onto a database (MySQL, sqlite and Fastbit).
0 kommentar(er)
