
User’s Guide – version 3.1.3

NetFlow Tracker

Using sflowtool to Convert sFlow Records to NetFlow

NetFlow Tracker does not directly support devices which export sFlow records; however, the developer of sFlow provides a tool to convert sFlow records to NetFlow records, available at http://www.inmon.com/technology/sflowTools.php. This is a simple command-line utility which can be run as a daemon on Unix or a service on Windows by using one of the many free service installers available. The required command line options are:

-p <port>

This sets the incoming port number; the device should be configured to send sFlow records to this port on the address of the server running sflowtool.

-c <address>

This sets the address of the NetFlow Tracker server.

-d <port>

This sets the port on the NetFlow Tracker server that NetFlow records are sent to; this must be one of the ports configured in the Listener Ports settings page (2055 is monitored by default).

-S

This asks the tool to create NetFlow packets with the same source address as the incoming sFlow records, thus tricking NetFlow Tracker into believing that the NetFlow packets came directly from the device. Note that the tool must be run as root on Unix systems or as an administrator on Windows for this to work. If you use a service installer on Windows to run the tool, it will run under the built-in system account, which is similar to an administrator account.

Note that support for this feature depends upon how the tool was compiled from source code and on operating system support – Windows XP does not support IP address spoofing, for example, and as a result recent Windows versions of the tool do not offer the feature on any version of Windows.

-e

This includes the peer AS numbers in the generated NetFlow records rather than the default origin AS numbers.
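The options above combined into one checked command line, as an added example that is not part of the original guide. The function names, the 192.0.2.10 address and the sFlow port 6343 are assumptions chosen for illustration; the script only prints the sflowtool command and does not run it.

```shell
#!/bin/sh
# Added example: validate the settings described above and assemble the
# sflowtool command line. Names and sample values are hypothetical.

# Return 0 if $1 is an integer in the UDP port range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_sflowtool_cmd <sflow_port> <tracker_addr> <tracker_port> \
#                     <listener_ports_csv> <spoof: yes|no> <uid>
# Prints the command on success; returns 2 (bad value), 3 (destination port
# is not a listener port) or 4 (-S requested without root) on failure.
build_sflowtool_cmd() {
    in_port=$1 tracker=$2 out_port=$3 listeners=$4 spoof=$5 uid=$6
    valid_port "$in_port"  || { echo "bad sFlow port: $in_port" >&2; return 2; }
    valid_port "$out_port" || { echo "bad NetFlow port: $out_port" >&2; return 2; }
    [ -n "$tracker" ] || { echo "missing NetFlow Tracker address" >&2; return 2; }
    # -d must match a port from the Listener Ports settings page.
    case ",$listeners," in
        *",$out_port,"*) ;;
        *) echo "port $out_port is not a configured listener port" >&2; return 3 ;;
    esac
    cmd="sflowtool -p $in_port -c $tracker -d $out_port"
    if [ "$spoof" = yes ]; then
        # -S rewrites the source address and needs root on Unix.
        [ "$uid" -eq 0 ] || { echo "-S requires root" >&2; return 4; }
        cmd="$cmd -S"
    fi
    printf '%s\n' "$cmd"
}

# Constructed sample: device sends sFlow to port 6343, NetFlow Tracker listens
# on 2055 (the default) and 9995 at 192.0.2.10; source spoofing left off.
build_sflowtool_cmd 6343 192.0.2.10 2055 "2055,9995" no "$(id -u)"
```

When -S is used, reverse-path filtering between the sflowtool host and the NetFlow Tracker server can drop the packets carrying the device's source address, so check that path if flows do not arrive.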
