Questions tagged [netflow]

53 questions
2 votes, 1 answer

On RouterOS, how will transparent proxying (with DNAT) affect reporting of netflow?

I have a box running Mikrotik RouterOS, which is set up to do transparent web proxying, as described here. In short, this means that I have a firewall rule for destination NAT causing any port 80 traffic to get redirected to port 8080 on the router,…
Tim
2 votes, 2 answers

On Mikrotik RouterOS, is it possible to get Netflow information from a bridged connection?

I have a RouterOS box set up to bridge two ethernet connections. I have use-ip-firewall=yes in the bridge configuration, so that the ports go through the firewall. I've enabled netflow reporting via ip/traffic-flow, but the only packets I see…
Tim
1 vote, 0 answers

Encapsulate UDP traffic into TCP with on-disk buffering

My IPFIX flow receiver supports only UDP (can't be replaced), which is not resistant to network failures, and then I'm losing flow data. To improve this I'm thinking about using socat and mkfifo between the flow exporter and the flow receiver. But I don't know,…
Supermario
1 vote, 1 answer

Azure change destination IP NAT to local VM

We have an Azure Windows VM created with Inbound security rules allowing UDP/9999 for Netflow traffic. From the Windows VM we can capture traffic destined for the server. The packets are showing the translation Source: Customer Public IP to Dest:…
RichDog
1 vote, 0 answers

Cisco Netflow exporter inactive

I have difficulty configuring Netflow on a Cisco ASR 1001 router:
flow record FLOW-RECORD-1
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match ipv4 tos
 match interface input
 match transport source-port
 match…
1 vote, 1 answer

Monitoring DHCP clients bandwidth usage in and out

I have some locations that are running pfSense routers. I attempted to use softflowd to send data to NFSen, thinking that if it came from the LAN interface it might show the bandwidth per IP; at least, I was led to believe that. Is there another…
Jason
1 vote, 1 answer

Logstash netflow plugin configuration error

I'm trying to use logstash to collect traffic information from VMware ESXi using the netflow plugin. I've installed the latest version of logstash and elasticsearch from www.elastic.co on Ubuntu 16.04.1 with openjdk 8 installed. I've created this…
tvs
1 vote, 1 answer

What is the correct iptables chain to put -j NETFLOW in?

I have a router, with a firewall (with drop policy), NATs, and services. I want to account for all factual traffic (input before the firewall, output by services, and passed by the firewall in forwarding), with its "actual" src/dst (i.e. before SNAT, and after…
QwiglyDee
1 vote, 1 answer

MikroTik - Traffic flow (Netflow) Octets Counter wrap

I am using Traffic Flow with pmacct (nfacct) to do IP Accounting. I've noticed that if a flow exceeds ~4GBytes in less than a minute (which is my active-flow-timeout) the exported flow Octets counter wraps around losing a significant amount of total…
Cha0s
1 vote, 1 answer

Source MAC and destination MAC in NetFlow (or sFlow)

Is there any way to see source MAC and destination MAC in NetFlow (or sFlow) data, like nfdump -r for NetFlow data? Any good open source (or free) collector for sFlow?
Veerendra K
1 vote, 1 answer

How to configure aws in order to get log events?

My question has two parts:
- How to get log events? The command line tells me that I need to configure aws...
- How to configure aws?
I try to get log events by doing the following: sudo aws logs get-log-events --log-group-name my-group…
makansij
1 vote, 1 answer

Implementing Argus (similar to NetFlow): what kind of information should I be gathering?

I am setting up a trial of Argus at my company as a diagnostic tool. We have a collector box attached to a monitoring port on our switch, and the initial plan is to redirect ports with unusual traffic to the collector and then analyze it to get…
Chance
1 vote, 1 answer

Installing Samplicator on CentOS

I'm trying to install Samplicator to test Netflow central collector and then forwarding to other collectors from there. I mainly want to use Samplicator due to it being able to easily sample the Netflow data and/or send the full raw feed. When I…
Eric
1 vote, 5 answers

Netflow use cases?

My company stores netflow mainly for accidents' investigation. What other interesting use cases or tools for insight into your network or applications using netflow do you know?
Kazimieras Aliulis
1 vote, 3 answers

Netflow/IPFIX Analyzer for network threats and anomalies

I'm evaluating various options for Netflow/IPFIX based analyzers which focus on identifying security threats and anomalies. It would be highly appreciated if someone can provide a list of tools with the following points in mind. Windows or *nix…
Kanwar Saad