Mailing List Archive

Netflow collector that can forward flows to another collector based on various metrics.
Good morning everyone,

I am looking for a Netflow collector that can forward flows based on src ip/src net dst ip/dst net to another collector in either real or near time.

If it can be configured via an API that is even better than having to edit configuration files.

If anyone has any suggestions I would appreciate it.

Thanks,
-Drew
Re: Netflow collector that can forward flows to another collector based on various metrics.
Hi,

I don't know if pmacct has an API for it, but it can replicate netflow and also filter what it is
forwarding.
https://github.com/pmacct/pmacct/blob/master/QUICKSTART

Beginning line 2093

Kind regards
Karsten

On Thursday, 21 January 2021, 14:31:36, Drew Weaver wrote:
> Good morning everyone,
>
> I am looking for a Netflow collector that can forward flows based on src
> ip/src net dst ip/dst net to another collector in either real or near time.
>
> If it can be configured via an API that is even better than having to edit
> configuration files.
>
> If anyone has any suggestions I would appreciate it.
>
> Thanks,
> -Drew
Re: Netflow collector that can forward flows to another collector based on various metrics.
I've been using samplicator for a few years for this, it can be
configured to forward based on sender ip/net, but it does not have an
API. I'm using it because it's small, simple and does only one thing.

https://github.com/sleinen/samplicator

//JH

On 2021-01-21 15:39, Karsten Thomann via NANOG wrote:
> Hi,
>
> I don't know if pmacct has an API for it, but it can replicate netflow
> and also filter what it is forwarding.
>
> https://github.com/pmacct/pmacct/blob/master/QUICKSTART
>
> Beginning line 2093
>
> Kind regards
> Karsten
>
> On Thursday, 21 January 2021, 14:31:36, Drew Weaver wrote:
> > Good morning everyone,
> >
> > I am looking for a Netflow collector that can forward flows based on src
> > ip/src net dst ip/dst net to another collector in either real or near time.
> >
> > If it can be configured via an API that is even better than having to edit
> > configuration files.
> >
> > If anyone has any suggestions I would appreciate it.
> >
> > Thanks,
> > -Drew
Re: Netflow collector that can forward flows to another collector based on various metrics.
Plixer Replicator will do this via REST API if you are looking for a
commercial solution.
If you’re looking for a free solution, Samplicator will do this via config
file.
Neither is a “collector” as neither stores the flows. They simply
forward/copy UDP streams based on a set policy. It sounds like this is what
you are after.

(Full disclosure: I work for Plixer)

Mike Krygeris

On Thu, Jan 21, 2021 at 9:31 AM Drew Weaver <drew.weaver@thenap.com> wrote:

> Good morning everyone,
>
> I am looking for a Netflow collector that can forward flows based on src
> ip/src net dst ip/dst net to another collector in either real or near time.
>
> If it can be configured via an API that is even better than having to edit
> configuration files.
>
> If anyone has any suggestions I would appreciate it.
>
> Thanks,
> -Drew
Re: Netflow collector that can forward flows to another collector based on various metrics.
You might try the SiLK offering from Carnegie-Mellon's CERT team. A
netflow/sflow collector with full tool suite.

Very robust, fast and free.

https://tools.netsa.cert.org/silk

On 1/21/2021 9:31 AM, Drew Weaver wrote:
>
> Good morning everyone,
>
> I am looking for a Netflow collector that can forward flows based on
> src ip/src net dst ip/dst net to another collector in either real or
> near time.
>
> If it can be configured via an API that is even better than having to
> edit configuration files.
>
> If anyone has any suggestions I would appreciate it.
>
> Thanks,
>
> -Drew
>
Re: Netflow collector that can forward flows to another collector based on various metrics.
Speaking as the maintainer of samplicator, I'm not sure it's what Drew
is looking for.

Samplicator just sends copies of entire UDP packets. It doesn't
understand NetFlow/IPFIX or whatever else those packets might contain.

If I understand correctly, Drew wants to forward some of the
NetFlow/IPFIX flows, based on source/destination addresses *within those
flows*. Samplicator cannot do that (by a long shot).

pmacct sounds like a good suggestion.

(I used to have a Lisp program that could also do this, and adding an
API would have been trivial... but the program has been decommissioned
recently after >20 years of service. Also I never got around to
cleaning that up so that I could distribute the source. :-)
--
Simon.
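
The difference between copying whole UDP packets and forwarding selected flows, as an added example that is not part of the thread and is not code from samplicator, pmacct or any other tool named here. It assumes NetFlow v5 only (fixed 24-byte header, 48-byte records); v9 and IPFIX need template tracking, which this does not do. All function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

HDR = struct.Struct("!HHIIIIBBH")  # NetFlow v5 header: version, count, ... (24 bytes)
REC_LEN = 48                       # NetFlow v5 record; srcaddr at 0..4, dstaddr at 4..8


def filter_v5(datagram, src_net=None, dst_net=None):
    """Return a new v5 datagram with only the matching records, or None if none match."""
    if len(datagram) < HDR.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, *rest = HDR.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5")
    # Never trust the exporter's count field beyond what was actually received.
    if len(datagram) < HDR.size + count * REC_LEN:
        raise ValueError("record count exceeds datagram length")
    src_net = ipaddress.ip_network(src_net) if src_net else None
    dst_net = ipaddress.ip_network(dst_net) if dst_net else None
    kept = []
    for i in range(count):
        off = HDR.size + i * REC_LEN
        rec = datagram[off:off + REC_LEN]
        if src_net and ipaddress.ip_address(rec[0:4]) not in src_net:
            continue
        if dst_net and ipaddress.ip_address(rec[4:8]) not in dst_net:
            continue
        kept.append(rec)
    if not kept:
        return None
    # Only the count is rewritten; flow_sequence is left as sent, so the
    # downstream collector may report sequence gaps for the dropped records.
    return HDR.pack(version, len(kept), *rest) + b"".join(kept)


def sample_datagram():
    """Constructed sample: three records with only the addresses set."""
    pairs = [("192.0.2.10", "198.51.100.5"),
             ("203.0.113.7", "198.51.100.9"),
             ("192.0.2.77", "203.0.113.1")]
    recs = [ipaddress.ip_address(s).packed + ipaddress.ip_address(d).packed
            + bytes(REC_LEN - 8) for s, d in pairs]
    return HDR.pack(5, len(recs), 0, 0, 0, 0, 0, 0, 0) + b"".join(recs)


if __name__ == "__main__":
    out = filter_v5(sample_datagram(), src_net="192.0.2.0/24")
    print(HDR.unpack_from(out)[1], "of 3 records kept,", len(out), "bytes")
```

The returned bytes are what a forwarder would send to the second collector over UDP; a packet-level replicator would instead send the original datagram unchanged.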