Until now we have wrote about different ways and options for exporting and collecting NetFlow traffic. Today we will go one step further in this area...
Often it is necessary to export NetFlow traffic on more than one server (production, development, test...). Having in mind that Cisco, Juniper and other devices can often export NetFlow data only on two devices, there is a need for NetFlow traffic multiplication tools.
One of these tools is Samplicator. It is a software package for Linux that listens to UDP datagrams at defined port and sends copies to set of other IP addresses we define.
Here is a explanation how to do it:
- Download latest Samplicator version here
- Unpack: tar -zxf samplicator-x.y.z.tar.gz
- Go to directory: cd samplicator-x.y.z
- As a root run configure script: ./configure
- Make command to make binary files: make
- Then install application with command: make install
- Softver will run with command: samplicate
In This example NetFlow Samplicator Server receives traffic from exporter 10.0.0.254 via port 2000, and then sends copies to multiple NetFlow Servers via port 2055:
samplicate -S -f -p 2000 10.0.16.13/2055 10.0.17.8/2055 10.0.22.101/2055
There are also some optional commands to use:
|-p <port>||UDP port to accept flows on (default 2000)|
|-s <address>||Interface address to accept flows on (default any)|
|-b||Set socket buffer size ( default 65536)|
|-n||Do not compute UDP checksum (leave at 0)|
|-S||Maintain (spoof) source address.|
|-x <delay>||Transmission delay in microseconds.|
|-c||Specify a config file to read.|
|-f||Fork. This option sets samplicate to work as background process.|
Help command in this case would be:
This should be a very easy way of enabling export to multiple servers and could be a extremely helpful when you need Test and Production being separated.