
Security Monitoring

by Chris Fry, Martin Nystrom
February 2009
Content level: Intermediate to advanced
256 pages
7h 43m
English
O'Reilly Media, Inc.
Content preview from Security Monitoring

Appendix A. Detailed OSU flow-tools Collector Setup

This appendix gives detailed information on setting up and running a NetFlow collector based on OSU flow-tools, followed by some simple commands to enable NetFlow generation from a Cisco IOS router.

OSU flow-tools is a set of open source NetFlow collection utilities, which you can reference at http://www.splintered.net/sw/flow-tools/. Before you begin, ensure that your hardware meets the installation requirements, which are as simple as the following:

  • One server (or virtual server instance) running a *nix operating system

  • An appropriate amount of disk space (250 GB to 500 GB is a good starting point, though we’ve run some low-traffic environments on as little as 100 GB)

Set Up the Server

To prepare your server for NetFlow collection, follow these steps:

  1. Download the latest package of flow-tools utilities (in this case, the version is 0.66) from ftp://ftp.eng.oar.net/pub/flow-tools/flow-tools-0.66.tar.gz. Place the file in the /tmp directory of your server.

  2. Extract the files in /tmp with the following command:

    tar -xzvf flow-tools-0.66.tar.gz

  3. This creates a flow-tools-0.66 directory. Run the install-sh shell script in that directory as root. It will install flow-tools to /usr/local/netflow, containing all the flow-tools binaries.

  4. Create a netflow user to run the collection software.

  5. su to the netflow user and start the flow-capture process, which prepares the system to receive forwarded flows. There are several options in the startup command ...
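Steps 1 to 3 fetch a tarball over plain FTP into the shared /tmp directory and then run its install script as root, so the archive is worth checking before anything in it executes. The following is an added example, not from the book or the flow-tools project; the function names are hypothetical and the expected SHA-256 is a value you must supply yourself, since the page does not publish one.

```shell
#!/bin/sh
# Added example: checks to run on the downloaded tarball before install-sh
# is executed as root. Function names are hypothetical, not from flow-tools.

# sha256_matches FILE EXPECTED_HEX: succeed only if FILE hashes to EXPECTED_HEX.
sha256_matches() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# member_paths_safe: read archive member names on stdin; fail if any is
# absolute or contains a ".." component that could escape the target dir.
member_paths_safe() {
    if grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    return 0
}

# stage_tarball FILE EXPECTED_HEX: verify, then extract into a fresh private
# directory (mktemp -d creates it mode 0700) and print that directory's path.
stage_tarball() {
    sha256_matches "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    listing=$(tar -tzf "$1") || { echo "unreadable archive: $1" >&2; return 1; }
    printf '%s\n' "$listing" | member_paths_safe ||
        { echo "unsafe member path in: $1" >&2; return 1; }
    dir=$(mktemp -d) || return 1
    tar -xzf "$1" -C "$dir" --no-same-owner || { rm -rf "$dir"; return 1; }
    printf '%s\n' "$dir"
}

# Usage (EXPECTED_SHA256 is a placeholder; obtain the real value from a
# source you trust, the page does not publish one):
#   src=$(stage_tarball /tmp/flow-tools-0.66.tar.gz "$EXPECTED_SHA256") &&
#       ls "$src/flow-tools-0.66"
```

Run install-sh from the printed directory only after both checks pass; a mismatch leaves nothing extracted.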



ISBN: 9780596157944