lists.netmrg.net
NetMRG discussion and support
 

Netflow?

 
bluz
Beginner


Joined: 24 Aug 2004
Posts: 2

Posted: Wed Sep 22, 2004 5:34 pm    Post subject: Netflow?

Hi, over the last day or so I've tweaked NetMRG to also collect and display Cisco Netflow data... it's a really rough implementation and isn't fully configurable yet, but I'm wondering if anyone else has tackled this?

Any plans to add this to NetMRG?
Regards,
Rob
silfreed
Site Admin


Joined: 19 Jan 2003
Posts: 394
Location: Shippensburg, PA, USA

Posted: Wed Sep 22, 2004 6:15 pm

"Collect netflow" is a very large term - there's a lot of data going on. This could mean Top AS's (in and out), Top Protocols (HTTP, FTP, DNS, etc, in and out), and a couple other things.

In the past we've used argus logging to a mysql database (custom script), and then get aggregate data out of the mysql database.

We wouldn't mind hearing what you've done, though. If what you've worked on can be included in the contrib/ directory or as part of the distribution (in documentation or code), we'd love to have it.

-Doug
bluz
Beginner


Joined: 24 Aug 2004
Posts: 2

Posted: Wed Sep 22, 2004 7:03 pm

Hi Doug,

Thanks for the reply.

I don't really think I'm ready to share the code.. it's a bit of a mess. But I wanted to get an idea about it - I didn't want to spend 3 weeks on it and then find out it was already done.

What I've done so far is basically have a Cisco 2600 router send netflow to a listener on my NetMRG server. The "listener" takes the data and imports it into a table called "netflows" in the netmrg database. Then I've just modified the view.php file and a few functions to allow a display type of "netflow" and manually added a few report types to the netmrg database. So a report type of "50" is top protocols by bandwidth, '51' is Current Top Flows, etc.

As you mentioned, there are a lot of problems with collecting netflow data. There's SO much. In 2 days I have 1.45 million records, slightly large to query on. So I'm thinking about ways to aggregate it in the database, without losing the potential all the raw data has. I would like to do something similar to what you've done with regards to aggregating using rrdtool and keeping the data in the database to a minimum.

If I did end up getting this integrated into NetMRG, how would I provide that code back to NetMRG?

BTW - great programming wrt NetMRG.. I'm trying to use your example and keep the format clean.

Thanks. Rob
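An added example, not part of the original posts and not NetMRG or poster code: one way a listener like the one described could validate each export datagram and roll flows up into fixed time buckets per protocol instead of storing every raw record. It assumes NetFlow v5 (the thread does not name the version) and a 5-minute bucket; all function names are hypothetical and the sample datagrams are constructed.

```python
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
BUCKET_SECONDS = 300                                # assumed 5-minute rollup

def parse_v5(datagram):
    """Return (export_time, [(protocol, packets, octets), ...]) or raise ValueError."""
    if len(datagram) < HEADER.size:
        raise ValueError("short header")
    version, count, _uptime, unix_secs = HEADER.unpack_from(datagram)[:4]
    if version != 5:
        raise ValueError("not NetFlow v5")
    # The export arrives as unauthenticated UDP: check count against the real length.
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append((f[13], f[5], f[6]))  # prot, dPkts, dOctets
    return unix_secs, flows

def rollup(datagrams):
    """Sum packets and octets per (bucket_start, protocol); count rejected datagrams."""
    totals, rejected = defaultdict(lambda: [0, 0]), 0
    for datagram in datagrams:
        try:
            export_time, flows = parse_v5(datagram)
        except ValueError:
            rejected += 1
            continue
        bucket = export_time - export_time % BUCKET_SECONDS
        for proto, pkts, octets in flows:
            totals[(bucket, proto)][0] += pkts
            totals[(bucket, proto)][1] += octets
    return {key: tuple(val) for key, val in totals.items()}, rejected

def make_datagram(unix_secs, flows):
    """Build a constructed v5 datagram from (protocol, packets, octets) tuples."""
    body = b"".join(
        RECORD.pack(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", b"\x00" * 4, 1, 2,
                    pkts, octets, 0, 0, 1024, 80, 0, 0, proto, 0, 0, 0, 0, 0, 0)
        for proto, pkts, octets in flows)
    return HEADER.pack(5, len(flows), 0, unix_secs, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    sample = [make_datagram(1095874210, [(6, 10, 1500), (17, 2, 200)]),
              make_datagram(1095874490, [(6, 5, 700)]),
              make_datagram(1095874500, [(6, 1, 40)])[:-1]]  # truncated on purpose
    print(rollup(sample))
```

Only the per-bucket totals would need to be written to the database or fed to rrdtool; the rejected counter is worth graphing too, since a rising value points at a misconfigured exporter or at traffic from something that is not the router.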