Often it is necessary to export NetFlow traffic to more than one server (production, development, test...). Since Cisco, Juniper and other devices can often export NetFlow data to only two devices, tools that replicate NetFlow traffic are needed.
One of these tools is Samplicator. It is a software package for Linux that listens for UDP datagrams on a defined port and sends copies to a set of other IP addresses that we define.
Samplicator works according to the figure below:
Samplicator receives traffic from some exporter via port 2000, then copies and sends copies to multiple NetFlow Servers via port 2055.
How to do it:
tar -zxf samplicator-x.y.z.tar.gz
cd samplicator-x.y.z
./configure
make    # builds the binary files
make install
samplicate
Optional commands to use:
Option | Description |
---|---|
-p <port> | UDP port to accept flows on (default %d) |
-s <address> | Interface address to accept flows on (default any) |
-d | Debug level |
-b | Set socket buffer size (default %lu) |
-n | Do not compute UDP checksum (leave at 0) |
-S | Maintain (spoof) source address. |
-x <delay> | Transmission delay in microseconds. |
-c | Location of the configuration file from which the configuration is read. |
-f | Fork. This option sets samplicate to run as a background process. |
This example describes NetFlow packet duplication as in the figure above:
samplicate -S -f -p 2000 10.1.37.20/2055 10.1.15.211/2055 10.1.7.18/2055
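To show the copy step and why the -S option matters, here is an added Python sketch of a UDP fan-out on loopback; it is not Samplicator's code and not part of the original page. The function names, the payload and the 127.0.0.1 ephemeral ports are assumptions made for the demo; only the `address/port` receiver syntax comes from the command above.

```python
import socket

def parse_receiver(spec):
    """Parse an 'address/port' receiver as written on the samplicate command line."""
    host, sep, port = spec.partition("/")
    if not host or not sep:
        raise ValueError(f"expected address/port, got {spec!r}")
    port = int(port)  # raises ValueError on a non-numeric port
    if not 0 < port < 65536:
        raise ValueError(f"port out of range in {spec!r}")
    return host, port

def replicate_once(listener, out, receivers):
    """Receive one datagram and send a copy to every receiver.
    Returns (exporter_address, number_of_copies_sent)."""
    data, exporter = listener.recvfrom(65535)
    sent = 0
    for dest in receivers:
        try:
            out.sendto(data, dest)
            sent += 1
        except OSError:
            pass  # one unreachable collector must not block the others
    return exporter, sent

def loopback_demo():
    """Constructed demo: one exporter, one replicator, two collectors on 127.0.0.1."""
    def udp():
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind(("127.0.0.1", 0))  # ephemeral port
        s.settimeout(2)
        return s
    listener, out, exporter, c1, c2 = udp(), udp(), udp(), udp(), udp()
    try:
        receivers = [parse_receiver("127.0.0.1/%d" % c.getsockname()[1]) for c in (c1, c2)]
        exporter.sendto(b"constructed-flow-record", listener.getsockname())
        seen_exporter, sent = replicate_once(listener, out, receivers)
        received = [c.recvfrom(65535) for c in (c1, c2)]  # (payload, source address)
        return {"exporter": seen_exporter, "replicator": out.getsockname(),
                "sent": sent, "received": received}
    finally:
        for s in (listener, out, exporter, c1, c2):
            s.close()

if __name__ == "__main__":
    print(loopback_demo())
```

Each collector sees the replicator's address as the datagram source, not the exporter's, which is the behaviour -S changes. samplicate needs a raw socket for -S and therefore has to run as root when that option is used.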