ipfix/netflow/sflow generator for Linux
- Subject: ipfix/netflow/sflow generator for Linux
- From: jack at crepinc.com (Jack Carrozzo)
- Date: Mon, 6 Dec 2010 14:25:33 -0500
- In-reply-to: <!&!AAAAAAAAAAAYAAAAAAAAAF14xRJYlm1EkOxD1AqQStBCgQAAEAAAAM+R4/V/[email protected]>
- References: <!&!AAAAAAAAAAAYAAAAAAAAAF14xRJYlm1EkOxD1AqQStBCgQAAEAAAAM+R4/V/[email protected]>
IPtraf can be set up to look at flows per-block, per interface, per vlan, etc
and export the data every minute / 5 minutes. Back in the day I had it
scripted to dump data into rrdtool and give pretty graphs. See the man page,
it's well written.
Cheers,
-Jack Carrozzo
On Mon, Dec 6, 2010 at 2:15 PM, Thomas York <straterra at fuhell.com> wrote:
> At my current place of work, we use all Linux routers. I need to do some IP
> accounting/reporting and am currently trying to use Scrutinizer. Scrutinizer
> can use netstream, jstream, ipfix, netflow, and sflow data without qualms.
> My only issue is that I can't seem to find any good software for Linux that
> works with multiple interfaces to generate the flow information. I've tried
> ndsad, nprobe, softflowd, host sflow, and ipcad without much luck. Most of
> the software only works on one interface (which is useless as I need to do
> accounting for numerous interfaces).
>
> I've had the best luck with ipcad. The only thing that seems to not work
> with it is that it doesn't correctly give the interface number in the flow
> information. It refers to all interfaces as interface 65535. I've tried the
> config option for ipcad to map an interface directly to an SNMP interface
> ID, but that option of the config file seems to be ignored.
>
> Ntop functionally does exactly what I need, but it's extremely buggy. It
> segfaults after a few minutes, regardless of Linux distro or Ntop version.
> So... any ideas on what I can do to get good flow information from our Linux
> routers?