Cacti Netflow Collector (Flowview) and Softflowd

## First to all we need configure port mirror on cisco router or catalyst switch on layer 2 port.

### As you can see the port configured as Port mirror is fa1/0, in this interface has been connected the CACTI BOX. yum install libpcap-devel Downlaod softflowd from http://code.google.com/p/softflowd/

tar -xzvf /home/admin/Desktop/softflowd-0.9.9.tar.gz cd /home/admin/Desktop/softflowd-0.9.9 ./configure make all make install /usr/local/sbin/softflowd -i eth0 -v 5 -n 127.0.0.1:2204 -T full /usr/local/sbin/softflowctl statistics

/usr/local/sbin/softflowctl shutdown ### Add the script to the file rc.local in order to execute it when the system start up vi /etc/rc.local /usr/local/sbin/softflowd -i eth0 -v 5 -n 127.0.0.1:2204 -T full Softflowd only sends flow information to the collector once the flow has ended--for example, when the FTP session ends, when the Web page has been delivered, and so on. This means that at any moment, softflowd will have a cache of connections in progress. When you stop softflowd, run

softflowctl shutdown so that softflowd will expire those flows and send them to your collector immediately. Simply shutting down the server running softflowd will cause you to lose the active-but-incomplete flows. You're going to lose some information anyway if you reboot your sensor, but you might as well keep that loss as minimal as possible. # Finally you need to configure The listener on flowview # Go to Flows in cacti web page, select Listeners Tab, click Add

/etc/init.d/flow-capture stop /etc/init.d/flow-capture start

Wait a moment and you can see flow details

Sign up to vote on this title
UsefulNot useful