FB-netgraph

ネットワークを見てみよう。

最近雑誌などで、よく見るネットワークの監視ツールで

Nfsen/nfdump と言うツールを見たので自宅のFreeBSDで設定してみよう

/boot/loader.conf

に追加（こんなに設定いるのか？？)

# ng_netflow_load="YES" # Cisco's NetFlow netgraph note type
ng_UI_load="YES"                 # UI netgraph node type
ng_eiface_load="YES"             # generic Ethernet interface netgraph node type
ng_ether_load="YES"              # Ethernet netgraph node type
ng_fec_load="YES"                # netgraph Fast EtherChannel node
ng_gif_load="YES"                # generic tunnel interface netgraph node type
ng_hub_load="YES"                # packet distribution  netgraph node type
ng_iface_load="YES"              # interface Netgraph node type
ng_ip_input_load="YES"           # netgraph IP input node type
ng_ksocket_load="YES"            # kernel socket netgraph node type
ng_netflow_load="YES"            # Cisco's NetFlow netgraph node type
ng_one2many_load="YES"           # packet multiplexing netgraph node type
ng_socket_load="YES"             # Netgraph socket node type
ng_split_load="YES"              # netgraph node to separate incoming and
ng_tee_load="YES"                # Netgraph ``tee'' node type

/etc/set_netflow.conf を作成

# /usr/sbin/ngctl -f- <<-SEQ
mkpeer fxp0: netflow lower iface0
name fxp0:lower netflow
connect fxp0: netflow: upper out0
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow:export connect inet/192.168.2.98:9997
# SEQ

netgraph を起動

/usr/sbin/ngctl -f /etc/set_netflow.conf

nfdump/nfsen を起動