Re: [PATCH ulogd2,v2 1/2] IPFIX: Add IPFIX output plugin

On Fri, Apr 26, 2019 at 09:58:06AM +0200, a@xxxxxxxxxxxx wrote:
> From: Ander Juaristi <a@xxxxxxxxxxxx>
> 
> This patch adds an IPFIX output plugin to ulogd2. It generates NetFlow/IPFIX
> traces and sends them to a remote server (collector) via TCP or UDP.
> 
> Based on original work by Holger Eitzenberger <holger@xxxxxxxxxxxxxxxx>.
> 
> How to test this
> ----------------
> 
> I am currently testing this with the NFCT input and Wireshark.
> 
> Place the following in ulogd.conf:
> 
>       # this will print all flows on screen
>       loglevel=1
> 
>       # load NFCT and IPFIX plugins
>       plugin="/lib/ulogd/ulogd_inpflow_NFCT.so"
>       plugin="/lib/ulogd/ulogd_output_IPFIX.so"
> 
>       stack=ct1:NFCT,ipfix1:IPFIX
> 
>       [ct1]
>       netlink_socket_buffer_size=217088
>       netlink_socket_buffer_maxsize=1085440
>       accept_proto_filter=tcp,sctp
> 
>       [ipfix1]
>       oid=1
>       host="127.0.0.1"
>       #port=4739
>       #send_template="once"
> 
> I am currently testing it by launching a plain NetCat listener on port
> 4739 (the default for IPFIX) and then running Wireshark to see that it
> dissects the IPFIX/NetFlow traffic correctly (obviously this relies on
> the Wireshark NetFlow dissector being correct).
> 
> First:
> 
>       nc -vvvv -l 127.0.0.1 4739
> 
> Then:
> 
>       sudo ulogd -vc ulogd.conf

Applied, thanks.
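
Added example, not part of the patch or of ulogd2: a netcat listener only shows that bytes arrive on port 4739, so this C checker validates the framing of one received message against the RFC 7011 layout (16-byte header, then length-prefixed sets). The names `ipfix_check`, `ipfix_summary` and `sample_msg` are hypothetical, the sample bytes are constructed, and rejecting the unused Set IDs 0, 1 and 4..255 is a strictness choice made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct ipfix_summary {
    uint32_t seq, domain_id;        /* domain_id is "oid" in the config above */
    unsigned templates, data_sets;  /* Set ID 2 / Set ID >= 256 */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Validate one IPFIX message; returns 0 if well-formed, -1 otherwise. */
int ipfix_check(const uint8_t *buf, size_t len, struct ipfix_summary *out)
{
    if (len < 16 || rd16(buf) != 10) return -1;   /* header size, version 10 */
    size_t msg_len = rd16(buf + 2), off = 16;
    if (msg_len < 16 || msg_len > len) return -1; /* claimed length must fit */
    out->seq = rd32(buf + 8);
    out->domain_id = rd32(buf + 12);
    out->templates = out->data_sets = 0;
    while (off < msg_len) {
        if (msg_len - off < 4) return -1;         /* no room for a set header */
        uint16_t set_id = rd16(buf + off);
        size_t set_len = rd16(buf + off + 2);
        if (set_len < 4 || set_len > msg_len - off) return -1; /* set overruns */
        if (set_id == 2) out->templates++;
        else if (set_id >= 256) out->data_sets++;
        else if (set_id != 3) return -1;          /* 3 = options template set */
        off += set_len;
    }
    return 0;
}

/* Constructed sample: template 256 (sourceIPv4Address, 4 bytes) + one record. */
static const uint8_t sample_msg[36] = {
    0x00,0x0a, 0x00,0x24, 0x5c,0xc2,0xb9,0x00, 0,0,0,0, 0,0,0,1,
    0x00,0x02, 0x00,0x0c, 0x01,0x00, 0x00,0x01, 0x00,0x08, 0x00,0x04,
    0x01,0x00, 0x00,0x08, 0x7f,0x00,0x00,0x01,
};

int main(void)
{
    struct ipfix_summary s = {0};
    int rc = ipfix_check(sample_msg, sizeof sample_msg, &s);
    printf("rc=%d oid=%u templates=%u data_sets=%u\n",
           rc, (unsigned)s.domain_id, s.templates, s.data_sets);
    return rc != 0;
}
```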


