onlyslon / softflowd
Automatically exported from code.google.com/p/softflowd
License: Other
Welcome to softflowd, a flow-based network monitor.

Introduction
------------

softflowd listens promiscuously on a network interface and semi-statefully tracks network flows. These flows can be reported using NetFlow version 1, 5 or 9 datagrams. softflowd is fully IPv6 capable: it can track IPv6 flows and export to IPv6 hosts.

More details about softflowd's function and usage may be found in the supplied manpages, which you can view prior to installation using

    /usr/bin/nroff -c -mandoc softflowd.8 | less
    /usr/bin/nroff -c -mandoc softflowctl.8 | less

If you are in need of a NetFlow collector, you may be interested in softflowd's companion project "flowd" (http://www.mindrot.org/flowd.html). flowd is a NetFlow collector that is maintained in parallel with softflowd and includes a few handy features, such as the ability to filter flows it receives as well as Perl and Python APIs to its storage format.

NB. You don't have to use flowd: any NetFlow compatible collector should work with softflowd. An example Perl collector is included for testing purposes as collector.pl, but it doesn't yet support NetFlow v.9.

Installing
----------

Building softflowd should be as simple as typing:

    ./configure
    make
    make install

Unfortunately some systems like to make life complicated. Things work fine on the systems that I develop and test on (OpenBSD and Linux). There is preliminary support for Solaris 9 (i.e. it compiled), but no testing on this platform has been performed.

Licensing
---------

Softflowd is licensed under a two-term BSD license (see the source files for details). The code in sys-tree.h is Copyright Niels Provos <[email protected]> and comes straight from OpenBSD CVS; convtime.c is Copyright Kevin Steves and comes from OpenSSH (misc.c). Both of these files are licensed under two-term BSD licenses too. strlcpy.c, strlcat.c and closefrom.c also come from OpenBSD CVS and are Copyright Todd C. Miller. Please refer to the LICENSE file for full details.
Reporting Bugs
--------------

Please report bugs in softflowd to http://bugzilla.mindrot.org/

If you find a security bug, please report it directly by email.

If you have any feedback or questions, please email me:

Contributing
------------

Softflowd has an extensive TODO list of interesting features, large and small, that are waiting to be implemented. If you are interested in helping, please contact me.

The latest source code may be obtained from Google Code: http://code.google.com/p/softflowd/

Damien Miller <[email protected]>
What steps will reproduce the problem?
1. Analyze the source code in the files netflow1.c and netflow5.c
2. Look for the following snippet in the function send_netflow_v[15]:
if (j == 0) {
memset(&packet, '\0', sizeof(packet));
3. Run tcpdump and see generated netflow packets.
According to the IF-MIB definition of ifIndex
(http://net-snmp.sourceforge.net/docs/mibs/IF-MIB.txt), ifIndex has to be
greater than zero. Right now both ifIndex fields in every flow are set to 0.
The problem applies to versions 0.9.8 and 0.9.9.
Because of the problem, Netflow Analyzer Enterprise Edition from
ManageEngine (http://www.manageengine.com/products/netflow/) refuses to see
such flows.
The problem can be fixed with the following code:
flw->if_index_out = flw->if_index_in = htons(1);
It's necessary to add the line in the functions send_netflow_v[15] just
before the following code:
offset += sizeof(*flw);
j++;
I attached a full patch for it.
Or try to map the SNMP index of the interface name given on the command line,
but that's more complicated.
With best regards,
Maxim Zimovets
Original issue reported on code.google.com by [email protected]
on 20 Apr 2012 at 5:46
What steps will reproduce the problem?
When the data is exported, my collector generates the data with a different date. I am
using NFSEN. For example:
2011-06-28 xxxxxxxxxxxxxxxxxx xxxxxxxxxxx xxxxxxxxxxxx xxxxxxxx...
This date is late.
And one more question: could I profile the exporter or make profiles with
softflowd?
What is the expected output? What do you see instead?
Late date
What version of the product are you using? On what operating system?
pfsense 2.0
Regards,
Zacaron
Original issue reported on code.google.com by [email protected]
on 2 Aug 2011 at 7:37
What steps will reproduce the problem?
1. extract tar.gz
2. create rpmbuild directory structure
3. copy files to folders inside rpmbuild structure:
cp softflowd-0.9.9/softflowd.spec ~/rpmbuild/SPECS
cp softflowd-0.9.9/softflowd.init ~/rpmbuild/SOURCES
cp softflowd-0.9.9/softflowd.sysconfig ~/rpmbuild/SOURCES
cp softflowd-0.9.9.tar.gz ~/rpmbuild/SOURCES
4. build the rpm:
rpmbuild -ba ~/rpmbuild/SPECS/softflowd.spec
What is the expected output? What do you see instead?
It was expected to see a built rpm file.
It gives an error saying that it cannot find "ChangeLog" file
What version of the product are you using? On what operating system?
softflowd-0.9.9 on Centos 6.2
Please provide any additional information below.
I made a simple script that changes softflowd.spec not to use the "ChangeLog"
file,
but if you could add it to the tar.gz file it would be the right way to do it.
thanks
Original issue reported on code.google.com by [email protected]
on 4 Jun 2012 at 1:44
Hi,
I'm interested in this tool. I want to catch NetFlow data from Cisco Catalyst
2950 switches that are not NetFlow capable themselves.
I found a website saying that your product was able to give a kind of
rendering with these switches (from
www.plixer.com/blog/netflow-analyzer/catalyst-2950-netflow-support/).
I would like to use your product, but I found nothing to help me install your
product: no sample, no lab environment, no screenshot, ...
Producing at least a small documentation section on this web page could be very
interesting. We should find there:
1- How to install (package, platform, requirements, etc.)
2- How to configure
3- Samples (real usage, to have a kind of template)
4- Supported network equipment
5- Supported software (like how softflowd works between a network and ntop)
Original issue reported on code.google.com by [email protected]
on 30 Oct 2012 at 8:26
What steps will reproduce the problem?
1. Setup a pfSense router to send NetFlow V9 to a CentOS 6/FlowViewer/IPFIX
2. Take a Wireshark trace on CentOS with tcpdump
3. Observe following decoding:
Cisco NetFlow/IPFIX
Version: 9
Count: 14
SysUptime: 129080.231279120 seconds
Timestamp: Nov 2, 2014 09:17:01.000000000 Paris, Madrid
CurrentSecs: 1414916221
FlowSequence: 163268
SourceId: 0
FlowSet 1
FlowSet Id: (Data) (1024)
FlowSet Length: 440
Flow 1
SrcAddr: 192.168.100.64 (192.168.100.64)
DstAddr: 192.168.150.15 (192.168.150.15)
[Duration: -0.061000000 seconds]
StartTime: 128738.007000000 seconds
EndTime: 128737.946000000 seconds
Octets: 116
Packets: 1
SrcPort: 63880
DstPort: 161
Protocol: 17
TCP Flags: 0x00
IPVersion: 04
Flow 2
SrcAddr: 192.168.150.15 (192.168.150.15)
DstAddr: 192.168.100.64 (192.168.100.64)
[Duration: -0.061000000 seconds]
StartTime: 128738.007000000 seconds
EndTime: 128737.946000000 seconds
Octets: 130
Packets: 1
SrcPort: 161
DstPort: 63880
Protocol: 17
TCP Flags: 0x00
IPVersion: 04
What is the expected output? What do you see instead?
End time later than Start time
What version of the product are you using? On what operating system?
pfSense 2.1.5-RELEASE (i386)
softflowd 0.9.8 pkg v1.0.1
Please provide any additional information below.
Regards
Antoine
Original issue reported on code.google.com by [email protected]
on 3 Nov 2014 at 11:13
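A collector-side check for the two invariants the reports above describe (the ifIndex-is-zero report and this negative-duration report), written as an added example that is not part of softflowd or of either issue: it parses a NetFlow v5 datagram (the fixed-layout format; the v9 records shown here carry the same input/output and start/end fields, but v9 needs template handling that is out of scope) and flags records whose ifIndex is 0 or whose end time precedes the start time. The sample datagram is constructed here from the values quoted in the two reports; field names and the check names are my own.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return the records of one NetFlow v5 datagram as dicts of the fields we check."""
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("header count exceeds datagram length")
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                        "input": f[3], "output": f[4], "first": f[7], "last": f[8],
                        "sport": f[9], "dport": f[10], "proto": f[13]})
    return records

def check_record(rec):
    """List the invariant violations a collector should flag for one record."""
    problems = []
    if rec["input"] == 0 or rec["output"] == 0:   # IF-MIB: ifIndex is 1..2147483647
        problems.append("ifIndex is 0")
    if rec["last"] < rec["first"]:                # sysUptime ms: a flow cannot end before it starts
        problems.append("negative duration")
    return problems

def check_datagram(datagram):
    """Map record index -> problems, omitting records that pass every check."""
    return {i: p for i, rec in enumerate(parse_v5(datagram)) if (p := check_record(rec))}

def build_v5(flows):
    """Pack constructed (src, dst, ifin, ifout, first_ms, last_ms) tuples into a datagram."""
    hdr = V5_HEADER.pack(5, len(flows), 129080231, 1414916221, 0, 163268, 0, 0, 0)
    recs = [V5_RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), b"\0" * 4, i, o,
                           1, 116, f, l, 63880, 161, 0, 0, 17, 0, 0, 0, 0, 0, 0)
            for s, d, i, o, f, l in flows]
    return hdr + b"".join(recs)

# Constructed sample: record 0 reproduces both reports (ifIndex 0 and end before start),
# record 1 is the reply direction as a correct exporter would send it.
SAMPLE = build_v5([("192.168.100.64", "192.168.150.15", 0, 0, 128738007, 128737946),
                   ("192.168.150.15", "192.168.100.64", 1, 1, 128737946, 128738007)])
```

`check_datagram(SAMPLE)` returns `{0: ['ifIndex is 0', 'negative duration']}`; feeding real exporter datagrams through the same function is a quick way to confirm which of the two defects a given softflowd build exhibits.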
What is the role of sampling?
Is it possible to give sampled packets to softflowd? What is the difference between giving it all
packets and sampled packets?
Original issue reported on code.google.com by [email protected]
on 10 Jun 2014 at 9:02
What steps will reproduce the problem?
$ softflowd -i eth0 -n blahh:1234
If "blahh" cannot be resolved, the error message is "address too long".
What is the expected output? What do you see instead?
"unknown hostname" or something similar
What version of the product are you using? On what operating system?
current (0.9.9) on gentoo linux
Please provide any additional information below.
this small patch works for me:
--- softflowd_orig.c 2012-02-13 02:39:42.000000000 +0100
+++ softflowd.c 2013-08-19 21:22:57.000000000 +0200
@@ -1603,7 +1603,7 @@
memset(&hints, '\0', sizeof(hints));
hints.ai_socktype = SOCK_DGRAM;
- if ((herr = getaddrinfo(host, port, &hints, &res)) == -1) {
+ if ((herr = getaddrinfo(host, port, &hints, &res)) != 0) {
fprintf(stderr, "Address lookup failed: %s\n",
gai_strerror(herr));
exit(1);
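Review bot: the removed line `- if ((herr = getaddrinfo(host, port, &hints, &res)) == -1) {` tests for a value getaddrinfo does not return: it returns 0 on success and a nonzero EAI_* code on failure, so the error branch could never fire and execution continued past a failed lookup with `res` never filled in. The `!= 0` form in the `+` line is the correct check and is what keeps `gai_strerror(herr)` meaningful. While here, when `herr == EAI_SYSTEM` the actual cause is in errno, so reporting `strerror(errno)` in that one case gives a more useful message than gai_strerror.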
output is "Address lookup failed: Name or service not known"
as expected.
Original issue reported on code.google.com by [email protected]
on 19 Aug 2013 at 7:33
It would be very useful to be able to use libnetfilter_log as an input to
softflowd.
Original issue reported on code.google.com by [email protected]
on 22 Dec 2014 at 7:05
What steps will reproduce the problem?
- softflowd stops/crashes after a few hours/days of running with the following
output:
Shutting down after pcap EOF
Shutting down on user request
What version of the product are you using? On what operating system?
softflowd 0.9.8
Linux 2.6.27.7-9-pae #1 SMP 2008-12-04 18:10:04 +0100 i686 i686 i386 GNU/Linux
Please provide any additional information below.
I've commented out "graceful_shutdown_request = 1" (line 1872 in softflowd.c) and then
got:
Shutting down after pcap EOF
Exiting immediately on user request
Original issue reported on code.google.com by [email protected]
on 21 Nov 2011 at 9:13