One drop-in replacement is to use flowd (http://www.mindrot.org/projects/flowd) to collect and the flowd2ft script (http://mailman.splintered.net/pipermail/flow-tools/2010-May/003861.html) to create real flow-tools files that work with your existing backend scripts. Naturally, this only works for IPv4 flows. One subtle issue is that flow-tools cannot handle 32-bit SNMP interface index (ifIndex) values used by Cisco Nexus.
The first thing to do is check your router capabilities. IOS 12.4(22)T, IOS XE 2.x, and NX/OS 4.x all support native v5 export from flexible netflow. That would be far preferable to the above hack.

-Craig

________________________________________
From: [email protected] [[email protected]] On Behalf Of Simon Leinen [[email protected]]
Sent: Friday, November 26, 2010 7:42 AM
To: Eliane Rameh
Cc: [email protected]
Subject: Re: [Flow-tools] Flow-tools and V9 netflow

Dear Eliane,

> I need to know if flow-tools supports the V9 netflow and if not,
> what is the best replacement

there was an e-mail thread about this question last month (it was about support for IPv6 flows, but that implies Netflow v9 support):

http://mailman.splintered.net/pipermail/flow-tools/2010-October/thread.html#3888

My reading of the thread is this:

* flow-tools doesn't support Netflow v9 (or IPv6) right now.
* There is not much hope that this will be added to flow-tools in the near future.
* There are a few possible replacements for flow-tools which do support Netflow v9 (and IPv6), but all of those require changes of any analysis scripts/jobs that you have - i.e., none of them provides command-line tools that would be compatible with flow-tools.

I'd recommend looking at the NFDUMP/NfSen combo, except that I have never personally used the command-line tools, and I'm biased because it was written by someone at my company (Peter Haag). But it seems to be actively maintained, many people use it and seem happy with it. And it definitely supports Netflow (and IPv6 flows) very well.

If someone would contribute flow-tools-compatible command-line tools that worked seamlessly with NFDUMP/NfSen, then we would live in a perfect world and we could probably close this mailing list...

But as I said, I'm biased so maybe other options are worth looking at - e.g. SiLK, or some of the commercial tools.

I try to keep a comprehensive list of software here:

http://www.switch.ch/network/projects/completed/TF-NGN/floma/software.html

--
Simon.
_______________________________________________
Flow-tools mailing list
[email protected]
http://mailman.splintered.net/mailman/listinfo/flow-tools
