Netflow collector that can forward flows to another collector based on various metrics.
Good morning everyone, I am looking for a Netflow collector that can forward flows based on src ip/src net dst ip/dst net to another collector in either real or near time. If it can be configured via an API that is even better than having to edit configuration files. If anyone has any suggestions I would appreciate it. Thanks, -Drew
Hi, I don't know if pmacct has an API for it, but it can replicate netflow and also filter what it is forwarding. https://github.com/pmacct/pmacct/blob/master/QUICKSTART Beginning line 2093 Kind regards Karsten On Thursday, 21 January 2021, 14:31:36, Drew Weaver wrote:
Good morning everyone,
I am looking for a Netflow collector that can forward flows based on src ip/src net dst ip/dst net to another collector in either real or near time.
If it can be configured via an API that is even better than having to edit configuration files.
If anyone has any suggestions I would appreciate it.
Thanks, -Drew
I've been using samplicator for a few years for this, it can be configured to forward based on sender ip/net, but it does not have an API. I'm using it because it's small, simple and does only one thing. https://github.com/sleinen/samplicator //JH On 2021-01-21 15:39, Karsten Thomann via NANOG wrote:
Hi,
I don't know if pmacct has an API for it, but it can replicate netflow and also filter what it is forwarding.
https://github.com/pmacct/pmacct/blob/master/QUICKSTART
Beginning line 2093
Kind regards
Karsten
On Thursday, 21 January 2021, 14:31:36, Drew Weaver wrote:
Good morning everyone,
I am looking for a Netflow collector that can forward flows based on src
ip/src net dst ip/dst net to another collector in either real or near time.
If it can be configured via an API that is even better than having to edit
configuration files.
If anyone has any suggestions I would appreciate it.
Thanks,
-Drew
Speaking as the maintainer of samplicator, I'm not sure it's what Drew is looking for. Samplicator just sends copies of entire UDP packets. It doesn't understand NetFlow/IPFIX or whatever else those packets might contain. If I understand correctly, Drew wants to forward some of the NetFlow/IPFIX flows, based on source/destination addresses *within those flows*. Samplicator cannot do that (by a long shot). pmacct sounds like a good suggestion. (I used to have a Lisp program that could also do this, and adding an API would have been trivial... but the program has been decommissioned recently after >20 years of service. Also I never got around to cleaning that up so that I could distribute the source. :-) -- Simon.
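The difference between copying whole UDP datagrams and selecting flows by the addresses inside them, as an added example that is not part of the original thread and is not code from samplicator or pmacct: a filter that parses a NetFlow v5 datagram and rebuilds it with only the matching records. It is narrowed to v5, whose records have a fixed layout; NetFlow v9 and IPFIX need template tracking and are not handled. The function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")  # NetFlow v5 header: 24 bytes
RECORD_LEN = 48                       # NetFlow v5 flow record: 48 bytes


def filter_v5(packet, src_nets=(), dst_nets=()):
    """Return a new v5 datagram with only the records whose source address is
    in src_nets or destination address is in dst_nets; None if none match."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated NetFlow header")
    version, count, *rest = HEADER.unpack_from(packet)
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    if len(packet) < HEADER.size + count * RECORD_LEN:
        raise ValueError("record count exceeds datagram length")
    src_nets = [ipaddress.ip_network(n) for n in src_nets]
    dst_nets = [ipaddress.ip_network(n) for n in dst_nets]
    kept = []
    for i in range(count):
        off = HEADER.size + i * RECORD_LEN
        rec = packet[off:off + RECORD_LEN]
        src = ipaddress.ip_address(rec[0:4])   # srcaddr field
        dst = ipaddress.ip_address(rec[4:8])   # dstaddr field
        if any(src in n for n in src_nets) or any(dst in n for n in dst_nets):
            kept.append(rec)
    if not kept:
        return None
    # Only the record count is rewritten. flow_sequence is left as exported,
    # so the downstream collector may report sequence gaps.
    return HEADER.pack(version, len(kept), *rest) + b"".join(kept)


def _record(src, dst):
    # Constructed sample record: addresses set, remaining 40 bytes zeroed.
    return ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + bytes(40)


# Constructed sample datagram with three flow records (not captured traffic).
SAMPLE = HEADER.pack(5, 3, 0, 0, 0, 0, 0, 0, 0) + b"".join([
    _record("10.1.2.3", "192.0.2.10"),
    _record("198.51.100.7", "203.0.113.5"),
    _record("198.51.100.8", "10.1.9.9"),
])

if __name__ == "__main__":
    out = filter_v5(SAMPLE, src_nets=["10.0.0.0/8"], dst_nets=["10.1.0.0/16"])
    print(HEADER.unpack_from(out)[1], "of 3 records kept,", len(out), "bytes")
```

The returned bytes are what would be sent on to the second collector; a packet-level replicator would have forwarded all three records or none.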
Plixer Replicator will do this via REST API if you are looking for a commercial solution. If you’re looking for a free solution, Samplicator will do this via config file. Neither is a “collector” as neither stores the flows. They simply forward/copy UDP streams based on a set policy. It sounds like this is what you are after. (Full disclosure I work for Plixer) Mike Krygeris On Thu, Jan 21, 2021 at 9:31 AM Drew Weaver <drew.weaver@thenap.com> wrote:
Good morning everyone,
I am looking for a Netflow collector that can forward flows based on src ip/src net dst ip/dst net to another collector in either real or near time.
If it can be configured via an API that is even better than having to edit configuration files.
If anyone has any suggestions I would appreciate it.
Thanks,
-Drew
You might try the SiLK offering from Carnegie-Mellon's CERT team. A netflow/sflow collector with full tool suite. Very robust, fast and free. https://tools.netsa.cert.org/silk On 1/21/2021 9:31 AM, Drew Weaver wrote:
Good morning everyone,
I am looking for a Netflow collector that can forward flows based on src ip/src net dst ip/dst net to another collector in either real or near time.
If it can be configured via an API that is even better than having to edit configuration files.
If anyone has any suggestions I would appreciate it.
Thanks,
-Drew
participants (6): Drew Weaver, Joe Loiacono, Johan Hedberg, Karsten Thomann, Michael Krygeris, Simon Leinen