Netflow reflector / duplicator?
894 views
Skip to first unread message
Chas Mac
Apr 30, 2015, 3:55:36 PM4/30/15
to as-stat...@googlegroups.com
Several of our devices can send Netflow to just one target (or a max of two).
Is there a tool (preferably opensource, etc) that can "tee" off a single Netflow stream and re-direct copies of it to more than one target? Like AS-STATS + another system.
Is there a tool (preferably opensource, etc) that can "tee" off a single Netflow stream and re-direct copies of it to more than one target? Like AS-STATS + another system.
tkbe...@googlemail.com
Apr 30, 2015, 4:06:19 PM4/30/15
to as-stat...@googlegroups.com
Hi Chas,
On Thursday, April 30, 2015 at 9:55:36 PM UTC+2, Chas Mac wrote:
> Several of our devices can send Netflow to just one target (or a max of two).
>
> Is there a tool (preferably opensource, etc) that can "tee" off a single Netflow stream and re-direct copies of it to more than one target? Like AS-STATS + another system.
We do this with udp samplicator, e.g.:
https://github.com/sleinen/samplicator
Example, all incoming UDP packets to port 2050 are samplicated to
localhost port 3050 and 9000
/usr/local/bin/samplicate -p 2050 -n -S 127.0.0.1/3050 127.0.0.1/9000 &
nfdump listens to 3050
AS-Stats to 9000
Nice: with -S the original source IP address is kept, and therefore
nfdump still has the correct NetFlow sender.
Cheers,
Tim
On Thursday, April 30, 2015 at 9:55:36 PM UTC+2, Chas Mac wrote:
> Several of our devices can send Netflow to just one target (or a max of two).
>
> Is there a tool (preferably opensource, etc) that can "tee" off a single Netflow stream and re-direct copies of it to more than one target? Like AS-STATS + another system.
https://github.com/sleinen/samplicator
Example, all incoming UDP packets to port 2050 are samplicated to
localhost port 3050 and 9000
/usr/local/bin/samplicate -p 2050 -n -S 127.0.0.1/3050 127.0.0.1/9000 &
nfdump listens to 3050
AS-Stats to 9000
Nice: with -S the original source IP address is kept, and therefore
nfdump still has the correct NetFlow sender.
Cheers,
Tim
as-s...@jack.fr.eu.org
Apr 30, 2015, 4:44:31 PM4/30/15
to as-stat...@googlegroups.com
You can do that with iptables
Look at the "tee"
man iptables-extensions:
The TEE target will clone a packet and redirect this clone to another
machine on the local network segment. In other words, the nexthop must
be the target, or you will have to configure the nexthop to forward it
further if so desired.
Look at the "tee"
man iptables-extensions:
The TEE target will clone a packet and redirect this clone to another
machine on the local network segment. In other words, the nexthop must
be the target, or you will have to configure the nexthop to forward it
further if so desired.
Reply all
Reply to author
Forward
0 new messages