diff options
| author | Ander Juaristi <a@juaristi.eus> | 2019-04-26 09:58:06 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-04-30 14:11:54 +0200 |
| commit | 4f639231c83b09ea004c03e95c702b7750bf9930 (patch) | |
| tree | 99bb7210f52d5530f21efcb3f4d45020113b22e2 /input | |
| parent | 675e762091380590f78ff07a94a25caa459b786b (diff) | |
IPFIX: Add IPFIX output plugin
This patch adds an IPFIX output plugin to ulogd2. It generates NetFlow/IPFIX
traces and sends them to a remote server (collector) via TCP or UDP.
Based on original work by Holger Eitzenberger <holger@eitzenberger.org>.
How to test this
----------------
I am currently testing this with the NFCT input and Wireshark.
Place the following in ulogd.conf:
# this will print all flows on screen
loglevel=1
# load NFCT and IPFIX plugins
plugin="/lib/ulogd/ulogd_inpflow_NFCT.so"
plugin="/lib/ulogd/ulogd_output_IPFIX.so"
stack=ct1:NFCT,ipfix1:IPFIX
[ct1]
netlink_socket_buffer_size=217088
netlink_socket_buffer_maxsize=1085440
accept_proto_filter=tcp,sctp
[ipfix1]
oid=1
host="127.0.0.1"
#port=4739
#send_template="once"
I am currently testing it by launching a plain NetCat listener on port
4739 (the default for IPFIX) and then running Wireshark and see that it
dissects the IPFIX/NetFlow traffic correctly (obviously this relies on
the Wireshark NetFlow dissector being correct).
First:
nc -vvvv -l 127.0.0.1 4739
Then:
sudo ulogd -vc ulogd.conf
Signed-off-by: Ander Juaristi <a@juaristi.eus>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'input')
| -rw-r--r-- | input/flow/ulogd_inpflow_IPFIX.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/input/flow/ulogd_inpflow_IPFIX.c b/input/flow/ulogd_inpflow_IPFIX.c deleted file mode 100644 index 27ce5b2..0000000 --- a/input/flow/ulogd_inpflow_IPFIX.c +++ /dev/null @@ -1,2 +0,0 @@ -/* */ - |