在 Vyatta 路由器上配置flow导出
对于NetFlow 分析,您需要将设备配置为将flow导出到 Site24x7 本地轮询器,即 NetFlow 收集器。本地部署轮询器将监听特定端口以接收flow。了解如何查找本地部署轮询器的端口号。
按照以下步骤在 Vyatta 路由器上配置 NetFlow 导出:
- 设置 NetFlow 版本。
set system flow-accounting netflow version 9 - 要将flow导出到 Site24x7,请提供 IP 地址(安装Site24x7本地部署轮询器的计算机)作为flow目标及其侦听端口。
set system flow-accounting netflow server <NFA server IP> port <Port #>示例: set system flow-accounting netflow server 192.168.0.1 port 9996 - 为要监视的每个接口发出以下命令:
set system flow-accounting interface <interface name>示例: set system flow-accounting interface eth0 - 将活动flow超时设置为 1 分钟。默认情况下,这已经设置为 1 分钟或 60 秒。
set system flow-accounting netflow timeout expiry-interval 60 - 当对所有接收的数据包收集统计信息时,Vyatta flow记帐可能会占用大量资源。另一种方法是打开采样,其中每 N 个数据包占 1 个数据包,N 是采样率。
set system flow-accounting netflow sampling-rate N示例: set system flow-accounting netflow sampling-rate 500 - 使用以下命令设置其他基本的 Vyatta flow量核算参数:
set system flow-accounting netflow engine-id id (id values range between 0 – 255)
set system flow-accounting netflow timeout max-active-life 604800
set system flow-accounting netflow timeout flow-generic 3600
set system flow-accounting netflow timeout tcp-fin 300
set system flow-accounting netflow timeout tcp-generic 3600
set system flow-accounting netflow timeout tcp-rst 120
set system flow-accounting netflow timeout icmp 300
set system flow-accounting netflow timeout udp 300
NetFlow 配置
system {
flow-accounting {
interface <ifname> { // Please apply this on all active interface
netflow {
version 9 # Can use 5 or 9
engine-id <u32> # 0-255
server <Collector IP> {
port 9996 # user configurable
}
timeout {
expiry-interval 60
flow-generic 3600
icmp 300
max-active-life 604800
tcp-fin 300
tcp-generic 3600
tcp-rst 120
udp 300
}
}
}
}
sFlow 配置
system {
flow-accounting {
sflow {
agentid <u32>
server 192.168.1.1 {
port 9996
}
}