Collecting netflow on RHEL5 with flow-tools
If you have a netflow-capable router, you can gather information about traffic that’s passing through your netflow collector. Here are a few notes about getting it to work on a Red Hat Enterprise Linux 5 machine – some of the code has gotten a little crusty, but with some work you can get it to compile.
Robert Galloway has put together a nice netflow how-to here. Once you get through the perl module issues (I had to manually place some modules and their directories into the site-perl directory on the machine.)
flow-tools hasn’t been maintained by the author in a while. If it compiles for you, great; if not, you can grab a different branch that will compile on modern boxes here. It’s a new branch; I used version 0.68.4 and it compiles fine.
The biggest problem is compiling CFlow – which can be found in the contrib directory of the flow-tools bzip. It looks for libft.a, which has since moved inside the flow-tools build. At first I tried linking against libft.la, but it turns out that you need to link against libft.so.
In my case, it’s found here: /usr/local/flow-tools/lib/libft.so
I created a symbolic link:
ln -s /usr/local/flow-tools/lib/libft.so /usr/local/flow-tools/lib/libft.a
Then I edited Makefile.PL inside Cflow-1.053 and replaced this:
sub find_flow_tools {
   my($ver, $dir);
   my($libdir, $incdir);
   if (-f '../../lib/libft.a') {
      $dir = '../../lib';
      $incdir = "-I$dir -I$dir/..";
      $libdir = "-L$dir";
   }
With this:
   if (-f '/usr/local/flow-tools/lib/libft.a') {
Then run perl Makefile.PL and build/install as usual.
After that, I’ve found that the Table perl module kicks out an error, but it’s not actually an issue – all the output works fine.
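The symlink and Makefile.PL steps above can be scripted so they are safe to re-run. This is an added example, not part of the original post or of flow-tools/Cflow: the function name prepare_cflow and its two arguments are assumptions. It makes the same one-line change to the -f test, keeps a Makefile.PL.orig backup, and refuses to replace a real libft.a.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with flow-tools or Cflow).
# Usage: prepare_cflow /usr/local/flow-tools/lib /path/to/Cflow-1.053/Makefile.PL
prepare_cflow() {
    ft_lib=$1      # directory holding libft.so
    makefile=$2    # Cflow's Makefile.PL

    [ -f "$ft_lib/libft.so" ] || { echo "missing $ft_lib/libft.so" >&2; return 1; }
    [ -f "$makefile" ] || { echo "missing $makefile" >&2; return 1; }

    # Create the libft.a link only when nothing is there; never clobber a real file.
    if [ ! -e "$ft_lib/libft.a" ]; then
        ln -s "$ft_lib/libft.so" "$ft_lib/libft.a" || return 1
    elif [ ! -L "$ft_lib/libft.a" ]; then
        echo "$ft_lib/libft.a exists and is not a symlink; not touching it" >&2
        return 1
    fi

    # Already patched on an earlier run: nothing more to do.
    # (-e is required because the pattern itself starts with "-f".)
    if grep -qF -e "-f '$ft_lib/libft.a'" "$makefile"; then
        return 0
    fi

    # Refuse to edit a Makefile.PL that lacks the line the post replaces.
    grep -qF -e "-f '../../lib/libft.a'" "$makefile" || {
        echo "expected -f '../../lib/libft.a' test not found in $makefile" >&2
        return 1
    }

    # Keep a backup, then rewrite only the -f test, as in the post.
    cp -p "$makefile" "$makefile.orig" || return 1
    sed "s|-f '\.\./\.\./lib/libft\.a'|-f '$ft_lib/libft.a'|" \
        "$makefile.orig" > "$makefile" || return 1

    # Confirm the edit landed before the caller runs perl Makefile.PL.
    grep -qF -e "-f '$ft_lib/libft.a'" "$makefile"
}
```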