Hello netflow specialist! What free software implementation of a netflow probe do you use and which ones are reliable for long term usage?
I have found three: fprobe (http://sourceforge.net/projects/fprobe/), fprobe (http://psi.home.ro/flow - not available), Softflowd (http://www.mindrot.org/softflowd.html), and nProbe, which is not free.

Until now I have been using softflowd (http://www.mindrot.org/projects/softflowd/) on Linux. Its statistics function ("softflowctl statistics") is very nice, and it is smart in flushing/expiring flow records before shutting down. But I am missing support for multiple remote collector addresses, given like this: "-n collector1:8885 -n collector2:8885".

The sourceforge fprobe can send the flow information to more than one collector at a time. But when shutting down it's zapping the already collected flow information (tethereal does not show any UDP flow datagram when shutting down). Maybe this is not very vital, but well - softflowd is smarter.

Does anyone know how to figure out whether fprobe has lost some packets (like the "Packets dropped by libpcap:" and "Packets dropped by interface:" statistics of softflowd)? And does anyone know whether these "dropped" packets are really all missing packets, or is this only the number of missing packets softflowd knows about, but maybe this number is bigger?

Another question is: Do you know of a "multiplexing relay" that receives flow records and resends them to one or more remote or local collectors?

Joerg

_______________________________________________
Nfsen-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
