How to generate netflow data in linux

monitoring networking linux linux-networking netflow

You should check IPT-NETFLOW, it seems exactly what you need implemented as a kernel module for IPTABLES. It is actively maintained and used succesfully in some ISP so should be good enough. Documentation could be better though (look into README file).


ntop will do it, but is probably not the best choice. Definitely check out pmacct; it's designed exactly for this. From the feature list:

  • Collects data through libpcap, Netlink/ULOG, NetFlow v1/v5/v7/v8/ - v9, sFlow v2/v4/v5 and IPFIX
  • Saves data to a number of backendsincluding memory tables, MySQL, PostgreSQL, SQLite and BerkeleyDB
  • Exports data to remote collectors through IPFIX, NetFlow v5/v9 andsFlow v5
  • Replicates incoming IPFIX, NetFlow and sFlow packets to remote collectors

Among many other things.


Here's a newer project for collecting and analyzing NetFlow data on Linux: ElastiFlow

Related

SSL Certificate Class 2 vs Class 3 vs Class 4
The following packages have unmet dependencies: nodejs : Conflicts: npm
IBus >= 1.5.11 on Ubuntu
How does HTTPS certificate switching work (like on suche.org)?
What is the latency WITHIN a data center? I ask this assuming there are orders of magnitude of difference
Running shell script with no environmental variables
Change Windows AD password from Linux
Why is ARIN (etc.) allocating such large blocks of IPv6 addresses?
How to start and stop a systemd unit with another?
Trying to add a new SQL Server user throws the error "is not a valid login or you do not have permission”
How do I turn off IE's protected mode in Windows 2008 R2?
Diagnosing Microsoft SQL Server error 9001: The log for the database is not available