Very fast and effective Netflow exporting module for Linux kernel. Designed for Linux router with heavy network load. It is iptables module, but not using conntrack for performance reasons.
And from the docs
===========
= RUNNING =
===========
1. You can load module by insmod like this:
# insmod ipt_NETFLOW.ko destination=127.0.0.1:2055 debug=1
Or if properly installed (make install; depmod) by this:
# modprobe ipt_NETFLOW destination=127.0.0.1:2055
See, you may add options in insmod/modprobe command line, or add
them in /etc/ to modules.conf or modprobe.conf like thus:
options ipt_NETFLOW destination=127.0.0.1:2055
2. Statistics is in /proc/net/stat/ipt_netflow
To view slab statistics: grep ipt_netflow /proc/slabinfo
3. You can view parameters and control them via sysctl, example:
# sysctl -w net.netflow.hashsize=32768
4. Example of directing all traffic into module:
# iptables -A FORWARD -j NETFLOW
# iptables -A INPUT -j NETFLOW
# iptables -A OUTPUT -j NETFLOW
Oh if I had a week to kill, to do a complete bakeoff of Linux and BSD user/kernel space implementations.
No comments:
Post a Comment