Cisco NetFlow
NetFlow configuration has three parts: record, exporter, and monitor.

record

flow record FNF-input
 description IPv4 NetFlow
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match ipv4 protocol
 match interface input
 match ipv4 tos
 match flow direction
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect transport tcp flags
 collect timestamp absolute first
 collect timestamp absolute last

flow record FNF-output
 description IPv4 NetFlow
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match ipv4 protocol
 match interface output
 match ipv4 tos
 match flow direction
 collect interface input
 collect counter bytes long
 collect counter packets long
 collect transport tcp flags
 collect timestamp absolute first
 collect timestamp absolute last

exporter

flow exporter Scrutinizer
 description Export to Scrutinizer
 destination [collector's IP address]
 source [name of the interface through which flows are exported to the collector]
 transport udp 2055
 template data timeout 60

monitor

flow monitor Scrut_mon_input
 description IPv4 FNF ingress exports
 exporter Scrutinizer
 record FNF-input
 cache timeout active 60

flow monitor Scrut_mon_output
 description IPv4 FNF egress exports
 exporter Scrutinizer
 record FNF-output
 cache timeout active 60

Applying the monitors to an interface

interface GigabitEthernet1/0/1
 ip flow monitor Scrut_mon_input input
 ip flow monitor Scrut_mon_output output
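
What the record and exporter settings mean on the collector side, as an added example that is not part of the original notes: a minimal decoder showing that data records cannot be parsed until the exporter has sent the template (resent every 60 seconds by "template data timeout 60"). It assumes the exporter uses NetFlow v9, which the page does not state; the function names, source ID 7, addresses and counters are constructed for illustration.

```python
import socket
import struct

# NetFlow v9 field type IDs (RFC 3954) for fields named in the FNF-input record.
FIELDS = {1: "bytes", 2: "packets", 4: "protocol", 6: "tcp_flags",
          7: "src_port", 8: "src_addr", 11: "dst_port", 12: "dst_addr"}
TEMPLATE = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (6, 1), (1, 8), (2, 8)]

def decode_v9(packet, templates):
    """Return (flows, skipped); `templates` must persist across packets."""
    version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", packet)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    flows, skipped, pos = [], 0, 20
    while pos + 4 <= len(packet):
        set_id, set_len = struct.unpack_from("!HH", packet, pos)
        if set_len < 4 or pos + set_len > len(packet):
            raise ValueError("bad flowset length")
        body, pos = packet[pos + 4:pos + set_len], pos + set_len
        if set_id == 0:  # template flowset (one template assumed per flowset)
            tid, n = struct.unpack_from("!HH", body)
            templates[(source_id, tid)] = list(struct.iter_unpack("!HH", body[4:4 + 4 * n]))
        elif set_id >= 256:  # data flowset: needs the matching template
            tmpl = templates.get((source_id, set_id))
            if not tmpl:
                skipped += 1  # undecodable until the exporter resends the template
                continue
            size = sum(length for _, length in tmpl)
            for off in range(0, len(body) - size + 1, size):
                rec = {}
                for ftype, length in tmpl:
                    raw, off = body[off:off + length], off + length
                    name = FIELDS.get(ftype)
                    if name in ("src_addr", "dst_addr"):
                        rec[name] = socket.inet_ntoa(raw)
                    elif name:
                        rec[name] = int.from_bytes(raw, "big")
                flows.append(rec)
    return flows, skipped

def sample_packets():
    """Constructed (template, data) packets; TEMPLATE mirrors part of FNF-input."""
    hdr = struct.pack("!HHIIII", 9, 1, 0, 0, 1, 7)  # version 9, source ID 7
    tmpl = struct.pack("!HH", 256, len(TEMPLATE)) + b"".join(
        struct.pack("!HH", *f) for f in TEMPLATE)
    rec = socket.inet_aton("192.0.2.10") + socket.inet_aton("198.51.100.5")
    rec += struct.pack("!HHBBQQ", 51514, 443, 6, 0x02, 120, 2) + b"\x00\x00"
    return (hdr + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl,
            hdr + struct.pack("!HH", 256, 4 + len(rec)) + rec)
```

A collector that starts listening on UDP 2055 mid-stream drops flows for up to one template interval, so a persistently non-zero skipped count points at missing templates rather than missing traffic.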

Configuring NetFlow on an L2 switch

flow record l2-rec
 description Layer2 NetFlow Record
 match datalink mac source address input
 match datalink mac destination address input
 match datalink vlan input
 match datalink ethertype
 collect counter bytes long
 collect counter packets