Appendix A. Detailed OSU flow-tools Collector Setup
This appendix gives detailed information on setting up and running a NetFlow collector based on OSU flow-tools, followed by some simple commands to enable NetFlow generation from a Cisco IOS router.
OSU flow-tools is a set of open source NetFlow collection utilities, which you can reference at http://www.splintered.net/sw/flow-tools/. Before you begin, ensure that your hardware meets the installation requirements, which are as simple as the following:
One server (or virtual server instance) running the *nix operating system
An appropriate amount of disk space (250 GB to 500 GB is a good starting point, though we’ve run some low-traffic environments on as little as 100 GB)
Set Up the Server
To prepare your server for NetFlow collection, follow these steps:
Download the latest package of flow-tools utilities (in this case, the version is 0.66) from ftp://ftp.eng.oar.net/pub/flow-tools/flow-tools-0.66.tar.gz. Place the file in the /tmp directory of your server.
Extract the files in /tmp with the following command:
tar -xzvf flow-tools-0.66.tar.gz
This creates a flow-tools-0.66 directory. Run the install-sh shell script in that directory as root. It will install flow-tools to /usr/local/netflow, containing all the flow-tools binaries.
Create a
netflowuser to run the collection software.suto thenetflowuser and start theflow-captureprocess, which prepares the system to receive forwarded flows. There are several options in the startup command ...
Get Security Monitoring now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
