Scribd
Upload
11K views4 pages

Cacti Netflow Collector (Flowview) and Softflowd

This document provides instructions for configuring Cacti Netflow Collector (Flowview) and Softflowd to collect and analyze network flow data. It describes configuring port mirroring on a Cisco router or switch, installing Softflowd on a Linux server, configuring Softflowd to send data to Flowview, and starting the flow capture service in Cacti. Once configured, network flow details will be visible in the Cacti web interface.

Uploaded by

Jh0n Fredy H
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
11K views4 pages

Cacti Netflow Collector (Flowview) and Softflowd

This document provides instructions for configuring Cacti Netflow Collector (Flowview) and Softflowd to collect and analyze network flow data. It describes configuring port mirroring on a Cisco router or switch, installing Softflowd on a Linux server, configuring Softflowd to send data to Flowview, and starting the flow capture service in Cacti. Once configured, network flow details will be visible in the Cacti web interface.

Uploaded by

Jh0n Fredy H
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
You are on page 1/ 4

Cacti Netflow Collector (Flowview) and Softflowd

## First to all we need configure port mirror on cisco router or catalyst switch on layer 2 port.

### As you can see the port configured as Port mirror is fa1/0, in this interface has been connected the CACTI BOX. yum install libpcap-devel Downlaod softflowd from http://code.google.com/p/softflowd/

tar -xzvf /home/admin/Desktop/softflowd-0.9.9.tar.gz cd /home/admin/Desktop/softflowd-0.9.9 ./configure make all make install /usr/local/sbin/softflowd -i eth0 -v 5 -n 127.0.0.1:2204 -T full /usr/local/sbin/softflowctl statistics

/usr/local/sbin/softflowctl shutdown ### Add the script to the file rc.local in order to execute it when the system start up vi /etc/rc.local /usr/local/sbin/softflowd -i eth0 -v 5 -n 127.0.0.1:2204 -T full Softflowd only sends flow information to the collector once the flow has ended--for example, when the FTP session ends, when the Web page has been delivered, and so on. This means that at any moment, softflowd will have a cache of connections in progress. When you stop softflowd, run

softflowctl shutdown so that softflowd will expire those flows and send them to your collector immediately. Simply shutting down the server running softflowd will cause you to lose the active-but-incomplete flows. You're going to lose some information anyway if you reboot your sensor, but you might as well keep that loss as minimal as possible. # Finally you need to configure The listener on flowview # Go to Flows in cacti web page, select Listeners Tab, click Add

/etc/init.d/flow-capture stop /etc/init.d/flow-capture start

Wait a moment and you can see flow details

You might also like