Difference between revisions of «Análisis de tráfico»

From gacq wiki
Revision as of 18:26, 26 July 2006

Traffic analysis

NetFlow

Information

flowscan

http://www.caida.org/tools/utilities/flowscan/ Example reports:

flow-tools vs cflowd

Why use flow-tools instead of cflowd?

  • flow-capture preserves the sub-second portion of the NetFlow timestamps that cflowd discards
  • flow-tools is easier to build because it is written in portable C. Problems with building cflowd may occur because it requires cutting edge C++ features
  • flow-tools is actively maintained, and supports newer NetFlow versions, including those from the popular Cisco Cat6K series platforms

Traffic analysis on an ethernet interface of a Debian server

Source: http://www.prolixium.com/sitenews.php?id=482

apt-get install fprobe-ng flow-tools flowscan flowscan-cuflow flowscan-cugrapher rrdtool
mkdir -p /var/lib/netflow/ft
mkdir /var/lib/netflow/rrds
mkdir /var/lib/netflow/scoreboard

Leave /etc/flow-tools/flow-capture.conf with only:

-w /var/lib/netflow/ft -E 1G -N 0 -n 287 -S 60 -V 5 -z 9 0/0/555

Restart the service:

/etc/init.d/flow-capture restart

Leave /etc/flowscan/flowscan.cf with:

FlowFileGlob /var/lib/netflow/ft/ft-v05.*
ReportClasses CUFlow
WaitSeconds 30
Verbose 1

/etc/flowscan/CUFlow.cf


The syntax can be seen here: http://www.columbia.edu/acis/networks/advanced/CUFlow/CUFlow.html

Errors

Errors when running flowscan:

2006/07/26 18:12:22 working on file /var/lib/netflow/ft/ft-v05.2006-07-26.174716-0300...
/var/lib/netflow/ft/ft-v05.2006-07-26.174716-0300: Invalid index in cflowd flow file: 0xCF100103! Version 5 flow-export is required with *all* fields being saved.
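As an added example (not from this wiki page, nor from the flow-tools or flowscan projects), the Python script below ties the flow-capture.conf line given earlier to the flowscan error shown above: it parses the flow-capture option line into named settings, checks that it requests NetFlow version 5 (the requirement the error message states), and scans flowscan log lines for the "Invalid index in cflowd flow file" error so that rejected flow files can be listed for follow-up. The option names (-w, -E, -N, -n, -S, -V, -z and the trailing localip/remoteip/port) come from flow-capture's own usage; the sample config and log lines are constructed from the ones quoted on this page.

```python
"""Added example: check a flow-capture.conf line and detect flowscan
'Invalid index' errors in its log. Not code from the wiki page or from
flow-tools/flowscan; sample data below is constructed."""
import re
import shlex

# flow-capture options that take an argument (the subset used on the page).
FLOW_CAPTURE_OPTS = {
    "-w": "workdir",
    "-E": "expire_size",
    "-N": "nesting_level",
    "-n": "rotations_per_day",
    "-S": "stat_interval",
    "-V": "pdu_version",
    "-z": "z_level",
}


def parse_flow_capture_line(line):
    """Turn one flow-capture.conf line into a dict of named settings.
    The trailing positional argument has the form localip/remoteip/port."""
    tokens = shlex.split(line)
    opts = {}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in FLOW_CAPTURE_OPTS:
            if i + 1 >= len(tokens):
                raise ValueError("option %s is missing its argument" % tok)
            opts[FLOW_CAPTURE_OPTS[tok]] = tokens[i + 1]
            i += 2
        elif tok.count("/") == 2:
            local_ip, remote_ip, port = tok.split("/")
            opts["local_ip"] = local_ip
            opts["remote_ip"] = remote_ip
            opts["port"] = int(port)
            i += 1
        else:
            raise ValueError("unrecognised token %r" % tok)
    return opts


def check_pdu_version(opts):
    """flowscan reads the files flow-capture writes and requires NetFlow
    version 5 export. Return a list of problems; empty means OK."""
    problems = []
    if opts.get("pdu_version") != "5":
        problems.append("flow-capture -V is %r, flowscan needs -V 5"
                        % opts.get("pdu_version"))
    return problems


# Log line shapes taken from the flowscan output quoted on the page.
WORKING_ON_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) working on file (?P<file>\S+)\.\.\.$")
INVALID_INDEX_RE = re.compile(
    r"^(?P<file>\S+): Invalid index in cflowd flow file: (?P<index>0x[0-9A-Fa-f]+)!")


def scan_flowscan_log(lines):
    """Return (timestamp, file, index) for every flow file flowscan rejected
    with the invalid-index error. The timestamp is taken from the preceding
    'working on file' line for that file, or None if there was none."""
    failures = []
    last_ts = {}
    for line in lines:
        m = WORKING_ON_RE.match(line)
        if m:
            last_ts[m.group("file")] = m.group("ts")
            continue
        m = INVALID_INDEX_RE.match(line)
        if m:
            f = m.group("file")
            failures.append((last_ts.get(f), f, int(m.group("index"), 16)))
    return failures


# Constructed sample input: the config line and log lines quoted on the
# page, plus one file that flowscan processed without complaint.
SAMPLE_CONF = "-w /var/lib/netflow/ft -E 1G -N 0 -n 287 -S 60 -V 5 -z 9 0/0/555"
SAMPLE_LOG = [
    "2006/07/26 18:12:22 working on file /var/lib/netflow/ft/ft-v05.2006-07-26.174716-0300...",
    "/var/lib/netflow/ft/ft-v05.2006-07-26.174716-0300: Invalid index in cflowd flow file: 0xCF100103! Version 5 flow-export is required with *all* fields being saved.",
    "2006/07/26 18:13:05 working on file /var/lib/netflow/ft/ft-v05.2006-07-26.181200-0300...",
]

if __name__ == "__main__":
    opts = parse_flow_capture_line(SAMPLE_CONF)
    for problem in check_pdu_version(opts):
        print("config:", problem)
    for ts, f, idx in scan_flowscan_log(SAMPLE_LOG):
        print("%s rejected %s (index 0x%X)" % (ts, f, idx))
```

Run against a real flowscan log (for example with `scan_flowscan_log(open(path))`) it lists exactly which flow files were rejected, which is the first thing to check before changing the exporter or flow-capture settings; the config check only covers the -V value, since that is the requirement the error message itself names.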



Other