Prerequisites
1. ehnt package from ehnt.sourceforge.net/
2. Perl
Start the Work
Set up the ehnt server.
For the ehnt server to receive anything, your Cisco device must be exporting NetFlow data to the specified port.
The following commands should be configured on the Cisco device to enable NetFlow export:
ip flow-export source Loopback0
! you can use any other source interface; ehntserv will receive all the data through the specified interface
ip flow-export version 5
! version number to be used
ip flow-export destination <ehntserv ip> <udp port>
! destination to export to; NetFlow works over a UDP port
Now run the ehntserv application:
ehntserv -u <udp port> -t <tcpport>
udp port - the same port specified on the Cisco device
tcp port - the port to listen on for clients that want the data in readable format
Now run the ehnt application, as a test only:
ehnt -s <ehnt serv ip address>:<tcp port> -m colondump
This will start displaying the data in a readable format.
Now write a Perl script with the following lines.
Coding part
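#!/usr/bin/perl -w
use strict;
my ($flow,$router_id,$src_int,$src_ip,$src_port,$src_as_no,$dst_ip,$dst_port,$packet_size,$z,$proto,$m,$n);
# Read ehnt's colon-separated output through a pipe.
# Replace <ehntserv ip> and <tcpport> with your own values before running.
open(PIPE,"ehnt -s <ehntserv ip>:<tcpport> -m colondump 2>/dev/null |") || die "can't open ehnt: $!";
while(<PIPE>) {
    #---ignore invalid entries (anything that does not start with a digit)
    next if ( $_ !~ /^[0-9]/ || $_ =~ /^\s/ ) ;
    chomp;    # strip the newline so the last field is clean
    ($flow,$router_id,$src_int,$src_ip,$src_port,$src_as_no,$dst_ip,$dst_port,$packet_size,$z,$proto,$m,$n)=split(/:/,$_);
    # .........
    # TODO: and do whatever you want to do
}
close(PIPE);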
and enjoy
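One way to fill in the TODO in the loop above, as an added example that is not part of the original post: it totals bytes per source address and counts distinct destination ip:port pairs, a simple way to spot heavy talkers or a host touching many services. The field order comes from the post's split(); reading packet_size as a byte count, the threshold and the sample records are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Field order copied from the split() in the script above. Treating
# packet_size as a byte count is an assumption of this example.
my @FIELDS = qw(flow router_id src_int src_ip src_port src_as_no
                dst_ip dst_port packet_size z proto m n);
my $DST_THRESHOLD = 3;  # hypothetical cut-off for "many destinations"

my (%bytes_by_src, %dsts_by_src);
my $skipped = 0;

while (my $line = <DATA>) {   # swap DATA for the ehnt pipe in real use
    chomp $line;
    next unless $line =~ /^[0-9]/;        # same filter as the original
    my @v = split /:/, $line, -1;
    # Drop truncated or over-long records rather than mis-assigning fields.
    if (@v != @FIELDS) { $skipped++; next; }
    my %f;
    @f{@FIELDS} = @v;
    # Validate numeric fields before doing arithmetic on them.
    unless ($f{packet_size} =~ /^\d+$/ && $f{dst_port} =~ /^\d+$/) {
        $skipped++;
        next;
    }
    $bytes_by_src{ $f{src_ip} } += $f{packet_size};
    $dsts_by_src{ $f{src_ip} }{"$f{dst_ip}:$f{dst_port}"} = 1;
}

# Report sources by volume, with the number of distinct dst ip:port pairs.
for my $src (sort { $bytes_by_src{$b} <=> $bytes_by_src{$a} } keys %bytes_by_src) {
    my $n = keys %{ $dsts_by_src{$src} };
    printf "%-15s %8d bytes %3d destinations%s\n", $src, $bytes_by_src{$src}, $n,
        $n >= $DST_THRESHOLD ? '  <-- review' : '';
}
print "skipped $skipped malformed record(s)\n";

__DATA__
# constructed sample records, not real ehnt output
1:10.0.0.1:2:192.0.2.10:51000:0:198.51.100.5:443:1500:0:6:0:0
2:10.0.0.1:2:192.0.2.10:51001:0:198.51.100.5:443:4200:0:6:0:0
3:10.0.0.1:2:192.0.2.77:40000:0:198.51.100.9:22:60:0:6:0:0
4:10.0.0.1:2:192.0.2.77:40001:0:198.51.100.9:23:60:0:6:0:0
5:10.0.0.1:2:192.0.2.77:40002:0:198.51.100.9:80:60:0:6:0:0
6:10.0.0.1:2:192.0.2.77:40003:0:198.51.100.9
```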