Netflow collector that can forward flows to another collector based on various metrics.

Good morning everyone,

I am looking for a Netflow collector that can forward flows based on src ip/src net dst ip/dst net to another collector in either real or near time.

If it can be configured via an API that is even better than having to edit configuration files.

If anyone has any suggestions I would appreciate it.

Thanks,

-Drew

Hi,

I don’t know if pmacct has an API for it, but it can replicate netflow and also filter what it is forwarding.

Beginning line 2093

Kind regards

Karsten

I’ve been using samplicator for a few years for this, it can be configured to forward based on sender ip/net, but it does not have an API. I’m using it because it’s small, simple and does only one thing.

//JH

Plixer Replicator will do this via REST API if you are looking for a commercial solution.
If you’re looking for a free solution, Samplicator will do this via config file.
Neither is a “collector” as neither stores the flows. They simply forward/copy UDP streams based on a set policy. It sounds like this is what you are after.

(Full disclosure: I work for Plixer)

Mike Krygeris

You might try the SiLK offering from Carnegie-Mellon’s CERT team. A netflow/sflow collector with full tool suite.

Very robust, fast and free.

Speaking as the maintainer of samplicator, I'm not sure it's what Drew
is looking for.

Samplicator just sends copies of entire UDP packets. It doesn't
understand NetFlow/IPFIX or whatever else those packets might contain.

If I understand correctly, Drew wants to forward some of the
NetFlow/IPFIX flows, based on source/destination addresses *within those
flows*. Samplicator cannot do that (by a long shot).

pmacct sounds like a good suggestion.

(I used to have a Lisp program that could also do this, and adding an
API would have been trivial... but the program has been decommissioned
recently after >20 years of service. Also I never got around to
cleaning that up so that I could distribute the source. :-)
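
The distinction drawn in the thread, copying whole UDP datagrams versus selecting flow records inside them, is shown in the added example below; it is not code from any poster, from pmacct or from samplicator. It assumes NetFlow v5 only (v9 and IPFIX are template-based and need per-exporter template state), and the names `filter_v5`, `relay` and `SAMPLE` are hypothetical.

```python
import ipaddress
import socket
import struct

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes)
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48  # fixed-size record; srcaddr at bytes 0-3, dstaddr at 4-7

def filter_v5(datagram, src_nets=(), dst_nets=()):
    """Return a v5 datagram holding only the matching records, or None."""
    if len(datagram) < V5_HEADER.size:
        return None
    version, count, *rest = V5_HEADER.unpack_from(datagram)
    if version != 5 or len(datagram) < V5_HEADER.size + count * V5_RECORD_LEN:
        return None  # not v5, or truncated: drop rather than guess
    kept = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD_LEN
        rec = datagram[off:off + V5_RECORD_LEN]
        src = ipaddress.IPv4Address(rec[0:4])
        dst = ipaddress.IPv4Address(rec[4:8])
        if any(src in n for n in src_nets) or any(dst in n for n in dst_nets):
            kept.append(rec)
    if not kept:
        return None
    # count is rewritten; flow_sequence is left as exported, so the receiving
    # collector will see sequence gaps for the records filtered out here.
    return V5_HEADER.pack(5, len(kept), *rest) + b"".join(kept)

def relay(listen, target, src_nets, dst_nets):
    """Receive exports on `listen` and send filtered copies to `target`."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, _ = rx.recvfrom(65535)
        out = filter_v5(data, src_nets, dst_nets)
        if out:
            tx.sendto(out, target)

def _record(src, dst):
    # Constructed sample record: only the two addresses are filled in.
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed + bytes(40))

# Constructed sample export with three records (documentation/private ranges).
SAMPLE = V5_HEADER.pack(5, 3, 1000, 1700000000, 0, 42, 0, 0, 0) + b"".join([
    _record("10.1.2.3", "198.51.100.7"),
    _record("172.16.0.5", "192.0.2.9"),
    _record("172.16.0.6", "203.0.113.1"),
])
```

A forwarder that rewrites `flow_sequence` to hide those gaps also hides real upstream loss, so the downstream collector's loss counters should be read with the filtering in mind.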