Unfortunately Andreas, flow-tools will not capture v9 netflow. An alternative is SiLK, and you can use FlowViewer for the user interface.

SiLK: http://tools.netsa.cert.org/silk
FlowViewer: http://sourceforge.net/projects/flowviewer

Joe Loiacono

From: Andreas Houben <[email protected]>
To: <[email protected]>
Date: 09/25/2013 01:44 PM
Subject: [Flow-tools] flow-capture not capturing
Sent by: [email protected]

Hi,

I’m trying to capture netflow v9 packets via flow-tools. I started flow-capture with the following options:

sudo flow-capture -p /var/log/netflow/flow-capture.pid -w /var/log/netflow -E5G -S3 0/0/2055

I used “sudo” to make sure that there are no permission problems. Netstat shows the port is listening:

“netstat -an |grep 2055” shows

udp 0 0 0.0.0.0:2055 0.0.0.0:*

When I use “tcpdump -i eth0 udp” I get lots of delivered packets. Yet there are no files written.

Any suggestions?

Greetings,
Andreas

_______________________________________________
Flow-tools mailing list
[email protected]
http://mailman.splintered.net/mailman/listinfo/flow-tools
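A way to confirm which export version is actually arriving on the collector port, as an added example that is not part of the original thread or of flow-tools: the first two bytes of every NetFlow export datagram carry the version, so UDP payloads can be classified before choosing a collector. The function names and the sample datagrams are constructed for illustration.

```python
import struct
from collections import Counter

# Export header layouts in network byte order.
# v5: version, count, sysUptime, unix_secs, unix_nsecs, flow_sequence,
#     engine_type, engine_id, sampling_interval (24 bytes)
# v9: version, count, sysUptime, unix_secs, sequence, source_id (20 bytes)
V5_HEADER = struct.Struct("!HHIIIIBBH")
V9_HEADER = struct.Struct("!HHIIII")

def netflow_version(datagram):
    """Return the version field of an export datagram, or None if too short."""
    if len(datagram) < 2:
        return None
    return struct.unpack_from("!H", datagram)[0]

def describe(datagram):
    """Decode the header fields that matter when debugging a silent collector."""
    version = netflow_version(datagram)
    if version == 5 and len(datagram) >= V5_HEADER.size:
        fields = V5_HEADER.unpack_from(datagram)
        return {"version": 5, "count": fields[1], "sequence": fields[5]}
    if version == 9 and len(datagram) >= V9_HEADER.size:
        fields = V9_HEADER.unpack_from(datagram)
        return {"version": 9, "count": fields[1], "sequence": fields[4],
                "source_id": fields[5]}
    # Anything else is either truncated or not a version handled here.
    return {"version": version, "unparsed": True}

def summarize(datagrams):
    """Count datagrams per export version."""
    return Counter(netflow_version(d) for d in datagrams)

# Constructed sample payloads (not captured traffic): headers followed by
# zero-filled bodies.
SAMPLE_V5 = V5_HEADER.pack(5, 1, 1000, 1380109440, 0, 42, 0, 0, 0) + bytes(48)
SAMPLE_V9 = V9_HEADER.pack(9, 1, 1000, 1380109440, 7, 1) + bytes(8)

if __name__ == "__main__":
    for payload in (SAMPLE_V5, SAMPLE_V9, b"\x00"):
        print(describe(payload))
    print(dict(summarize([SAMPLE_V9, SAMPLE_V9, SAMPLE_V5])))
```

If every payload seen on the collector port reports version 9, the behaviour in the thread is expected: the port is bound and packets arrive, but nothing is written.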
