Hi,

Ok, here's my situation:

I am just a beginner sysadmin... We have an existing (flowscan, flow-capture, 
rancid, postgresql) which was configured by the former (more talented) admin 
on one machine. I am working for an R&D ISP. A few days ago, we upgraded 
our Internet link to 155Mbps. Now the mrtg graph shows an enormous amount of 
traffic. Our director wants to know if that traffic is legitimate or just 
some DoS attacks. No problem, sir, let's take a look at our netflow protocol 
grapher... after choosing the necessary protocols to graph... holy cow!! it's 
not working... don't worry, I'll fix this thing asap, sir.. In order to fix 
it... my general rule for all the services I have configured before... start 
them all from scratch to be able to learn how the bits and pieces work together.

Now, back to my problem...
1. I know the enable key to our routers (cisco 7206, 3640 - 12.2)
2. I know very few commands.... (no problem, I'll just leave the router 
configuration to him.)
3. So far, here are the necessary steps I have in mind. (Please fill in the 
missing steps or the missing software needed for me.. I just need an overview 
of the things to be done as well as the software packages needed.)

1. choose a particular interface on the router where I want ip route-cache 
flow to be enabled (this one is tricky... there are so many interfaces... 
Can't I just enable ip route-cache flow on all those interfaces?)

2. configure the router to export its netflow to a machine running 
flow-capture listening on a particular flow...

flowscan manual recommends these commands:
ip flow-export version 5 peer-as
ip flow-export destination 10.0.0.1 2055

Steps 1 and 2 on the router... is that all??? Did I miss anything?


3. Now on the machine... Here is the software which I am thinking of using to do all 
that sort of accounting stuff..

3.1 flow-tools (consists of different tools, I only know one, flow-capture, 
used to capture the netflow being exported by the cisco router.. (also I have 
read some emails suggesting its use rather than using cflowd.)

3.2 flow-scan
I really don't have a clear idea of what its purpose is... aren't the rest of 
the flow-tools enough to do the job???

4. RRD (round robin database) 
It was installed automatically on flowscan freebsd ports installation. Don't 
know why the former admin used postgresql instead.

5. Web server (apache perhaps... no problem with this)

6. The web interface of our netflow grapher uses CUGrapher.pl (Don't know what 
software these scripts are part of)


Our web interface resides here: http://netflow.pregi.net
It contains various links to the documentation of the applications used, but 
I guess it's not quite complete.

Flow-tools
patch for flow-tools for exporting to postgresql
Flowscan
Cflow          (was this software used together with flow tools??)
CUFlow
Postgresql (why not RRD???)

That's all for now (it's almost 1pm and I need to have some lunch.. I'm 
starving).. Thank you very much for your time.
_______________________________________________
Flow-tools mailing list
http://mailman.splintered.net/mailman/listinfo/flow-tools
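The router commands quoted in the post ("ip flow-export version 5", "ip flow-export destination 10.0.0.1 2055") make the router send NetFlow version 5 datagrams over UDP to the collector where flow-capture listens. The following is an added example, not code from the post or from flow-tools/flowscan: a small Python parser for the NetFlow v5 wire format, a builder that packs constructed sample records (the addresses, ports, AS numbers and byte counts are made up), and a summariser that produces the per-protocol byte totals a grapher such as flowscan/CUFlow plots, plus the share of one-packet flows, which is a cheap first indicator when deciding whether a traffic spike is ordinary usage or a flood of spoofed sources.

```python
"""NetFlow v5 datagram parser and per-protocol summariser (added example)."""
import struct
import socket
from collections import Counter

# NetFlow v5 wire layout (network byte order), as sent by
# "ip flow-export version 5" and received by flow-capture on UDP 2055.
HEADER_FMT = "!HHIIIIBBH"   # version, count, sys_uptime, unix_secs, unix_nsecs,
                            # flow_sequence, engine_type, engine_id, sampling_interval
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"  # srcaddr, dstaddr, nexthop, input, output,
                                         # dPkts, dOctets, first, last, srcport, dstport,
                                         # pad1, tcp_flags, prot, tos, src_as, dst_as,
                                         # src_mask, dst_mask, pad2
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24 bytes
RECORD_LEN = struct.calcsize(RECORD_FMT)  # 48 bytes
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def build_record(src, dst, proto, sport, dport, pkts, octets, src_as=0, dst_as=0):
    """Pack one flow record; used only to construct sample input for this demo."""
    return struct.pack(RECORD_FMT,
                       socket.inet_aton(src), socket.inet_aton(dst),
                       socket.inet_aton("0.0.0.0"),   # nexthop
                       1, 2,                          # input / output ifIndex
                       pkts, octets,
                       0, 0,                          # first / last (sysUptime ms)
                       sport, dport,
                       0, 0x02 if proto == 6 else 0,  # pad1, tcp_flags (SYN on the tcp samples)
                       proto, 0,                      # prot, tos
                       src_as, dst_as,                # filled with peer AS under "peer-as"
                       24, 24, 0)                     # src_mask, dst_mask, pad2


def build_datagram(records, flow_sequence=0):
    """Prepend a v5 header to up to 30 packed records (the v5 per-datagram limit)."""
    if len(records) > 30:
        raise ValueError("NetFlow v5 carries at most 30 records per datagram")
    header = struct.pack(HEADER_FMT, 5, len(records), 0, 0, 0, flow_sequence, 0, 0, 0)
    return header + b"".join(records)


def parse_datagram(datagram):
    """Return the flow records of one v5 datagram as dicts, rejecting malformed input."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = struct.unpack_from("!HH", datagram, 0)
    if version != 5:
        raise ValueError(f"expected NetFlow version 5, got {version}")
    if len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("header advertises more records than the datagram carries")
    flows = []
    for i in range(count):
        f = struct.unpack_from(RECORD_FMT, datagram, HEADER_LEN + i * RECORD_LEN)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "pkts": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10], "tcp_flags": f[12],
            "proto": PROTO_NAMES.get(f[13], str(f[13])),
            "src_as": f[15], "dst_as": f[16],
        })
    return flows


def summarize(flows):
    """Octets per protocol, plus the share of flows that carried a single packet.

    Normal traffic is dominated by multi-packet flows; a burst of spoofed sources
    shows up as a large number of one-packet flows with tiny byte counts.
    """
    octets = Counter()
    single = 0
    for f in flows:
        octets[f["proto"]] += f["octets"]
        if f["pkts"] == 1:
            single += 1
    share = single / len(flows) if flows else 0.0
    return dict(octets), share


# Constructed sample export: a few ordinary flows and a burst of one-packet SYN flows.
NORMAL = [
    build_record("192.0.2.10", "198.51.100.5", 6, 40000, 80, 120, 96000, 64496, 64497),
    build_record("192.0.2.11", "198.51.100.53", 17, 5353, 53, 2, 300),
    build_record("192.0.2.12", "198.51.100.5", 1, 0, 0, 4, 256),
]
FLOOD = [build_record(f"203.0.113.{i}", "198.51.100.5", 6, 1024 + i, 80, 1, 40)
         for i in range(20)]


def demo():
    """Parse both constructed datagrams and return their summaries."""
    normal = summarize(parse_datagram(build_datagram(NORMAL)))
    flood = summarize(parse_datagram(build_datagram(FLOOD, flow_sequence=3)))
    return normal, flood


if __name__ == "__main__":
    for label, (octets, share) in zip(("normal", "flood"), demo()):
        print(f"{label}: octets by protocol={octets}, single-packet share={share:.2f}")
```

To run it against a live export, bind a UDP socket on the port given in "ip flow-export destination" and pass each received datagram to parse_datagram(); the length and version checks are there because a collector port is reachable from the network and should never trust the record count in the header.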