CollecCng NetFlow with pmacct

More documents

Recommendations

Info

Touching ground: a config snippet for logging micro-‐flows plugins: print[forensics] ! aggregate[forensics]: src_host, dst_host, \ ! peer_src_ip, peer_dst_ip, in_iface, out_iface, \ timestamp_start, timestamp_end, src_port, \ dst_port, proto, tos, src_mask, dst_mask, src_as, \ dst_as, tcpflags print_output_file[forensics]: /path/to/forensics-%Y%m%d_%H%M.txt print_output[forensics]: csv print_refresh_time[forensics]: 300 print_output_file_append[forensics]: true ! ! from pmacct 1.5.0rc2 print_latest_file[forensics]: /path/to/forensics-latest ! Micro-flow (de)aggregation Dynamic file names, ie.: forensics-20130803_1400 [ formatted, csv, json ] Insert data every 5 mins, append to file if exists Pointer to latest file to become optional and explicitly configured
Touching ground: how data would look like: logging micro-‐flows (1/2) shell> ls –la … -rw------- 1 pmacct pmacct Aug 02 13:50 forensics-20130802-1345.txt -rw------- 1 pmacct pmacct Aug 02 13:55 forensics-20130802-1350.txt -rw------- 1 pmacct pmacct Aug 02 14:00 forensics-20130802-1355.txt -rw------- 1 pmacct pmacct Aug 02 14:05 forensics-20130802-1400.txt lrwxrwxrwx 1 pmacct pmacct 10 Aug 02 14:05 forensics-latest -> forensics-20130802-1400.txt … Configurable ownership Pointer to latest finalized file
Page 1 and 2: Collec+ng NetFlow with pmacct P
Page 3 and 4: whoami: Paolo § Been originally
Page 5 and 6: Usage scenarios
Page 7 and 8: Collec+ng NetFlow with pmacct A
Page 9 and 10: Some technical facts (2/3) BGP
Page 11 and 12: Touching ground: a config snipp
Page 13 and 14: Introducing BGP na+vely into a
Page 15 and 16: Storing data persistently § Dat
Page 17 and 18: Brokering data around: RabbitMQ
Page 19 and 20: Why speaking of traffic matrice
Page 21 and 22: Review of traffic matrices: ext
Page 23 and 24: Our traffic matrix visualized P
Page 25 and 26: Geyng BGP to the collector (2/
Page 27 and 28: Telemetry data/BGP correla+on
Page 29 and 30: Touching ground: how data would
Page 31 and 32: Case-‐study: peering at AS28
Page 33 and 34: Case-‐study: peering at AS28
Page 35 and 36: pmacct, logging & flat-‐file
Page 37 and 38: Logging use-‐cases § Micro-
Page 39: Logging feature status (2/2) §
Page 45 and 46: Touching ground: how data would
Page 49 and 50: Collec+ng NetFlow with pmacct A
Page 51 and 52: Need for horizontal scalability
Page 57 and 58: Further informa+on § hKp://www.p
Page 59 and 60: Collec+ng NetFlow with pmacct B
Page 61: Post-‐processing RDBMS and r

CollecCng NetFlow with pmacct

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?