Softflowd with Netflow Analyzer
Has anyone had experience using the Netflow sensor 'softflowd' on a Linux system
http://www.mindrot.org/softflowd.html with Netflow Analyzer. I've got my Cisco routers sending Netflow v5 flows to the Netflow Analyzer and they show up fine.
When sending the flows from softflowd to 'flow-tools' http://www.splintered.net/sw/flow-tools/ ; the collector picks up the data fine.
However when using softflowd -v 5 -n x.x.x.x:9996 where x.x.x.x is the Netflow Analyzer, nothing shows up although a packet sniffer shows lots of udp 9996 port traffic going to the machine running Analyzer.
If I change the version of netflow packets to -v 1 for example Netflow Analyzer complains that it is not receiving v5 or v7 Netflow packets; which is expected showing at least that it does seem to be talking to the Analyzer.
Has anyone tried softflowd with Netflow Analyzer? Or are there other *nix based sensors that others have had experience with?
When sending the flows from softflowd to 'flow-tools' http://www.splintered.net/sw/flow-tools/ ; the collector picks up the data fine.
However when using softflowd -v 5 -n x.x.x.x:9996 where x.x.x.x is the Netflow Analyzer, nothing shows up although a packet sniffer shows lots of udp 9996 port traffic going to the machine running Analyzer.
If I change the version of netflow packets to -v 1 for example Netflow Analyzer complains that it is not receiving v5 or v7 Netflow packets; which is expected showing at least that it does seem to be talking to the Analyzer.
Has anyone tried softflowd with Netflow Analyzer? Or are there other *nix based sensors that others have had experience with?
Topic Participants
adhiggins91
netflow_support
vinyljunky
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?