Often it is necessary to export NetFlow traffic on more than one server (production, development, test...). Having in mind that Cisco, Juniper and other devices can often export NetFlow data only on two devices, there is a need for tools for multiplication of NetFlow traffic.

One of these tools is Samplicator. It is a software package for Linux that listens to UDP datagrams at defined port and sends copies to set of other IP addresses we define.

 

Samplicator works according to the figure below:

How to do it:

  1. Download latest Samplicator version here
  2. Unpack: tar -zxf samplicator-x.y.z.tar.gz
  3. Go to directory: cd samplicator-x.y.z
  4. As a root run configure script: ./configure
  5. Make command to make binary files: make
  6. Then install application with command: make install
  7. Softver will run with command: samplicate 

In This example NetFlow Samplicator Server receives traffic from exporter 10.0.0.254 via port 2000, then sends copies to multiple NetFlow Servers via port 2055:

samplicate -S -f -p 2000 10.0.16.13/2055 10.0.17.8/2055 10.0.22.101/2055

 

Optional commands to use:

OptionDescription
-p <port>
UDP port to accept flows on (default 2000)
-s <address>
Interface address to accept flows on (default any)
-d
Debug level
-b 
Set socket buffer size ( default 65536)
-n
Do not compute UDP checksum (leave at 0)
-S
Maintain (spoof) source address.
-x <delay>
Transmission delay in microseconds.
-c
Specify a config file to read.
-f
Fork. This option sets samplicate to work as background process.

Help command:

samplicate -h 



 

 

 

 

  • No labels