Netflow / cacti

flow1-settingsNet Flow & Cacti plugin

The packeage for the flow capture is called flow-tools — Normally the RPM is included
in the cacti plugin – The plugin is called Flowview

flow-tools-0.68-12.fc3.x86_64.rpm
The deamon is flow-capture

"service flow-capture stop"

Config file is – /etc/sysconfig/flow-capture

nano /etc/sysconfig/flow-capture

 # Change the source IP and port to what is used on your network
 OPTIONS="-n 287 -N 0 -w /var/netflow/flows/completed -S 5 0/0/9996"

9996 is the port used for Netflow

Cisco config

 !
 ip flow-export version 5
 ip flow-export destination 172.19.38.228 9996
 !

The dir /var/netflow/flows/completed is where the netflows are stored