mirror of https://github.com/pavel-odintsov/fastnetmon synced 2024-06-09 01:06:04 +02:00

Provide ability for specify netflow sampling rate manually

Pavel Odintsov 2015-05-06 01:27:25 +03:00
parent fb2f9ae4c8
commit 4b9b1b2f62
2 changed files with 19 additions and 3 deletions


@ -72,6 +72,10 @@ average_calculation_time = 5
netflow_port = 2055
netflow_host = 0.0.0.0
# Netflow agents uses different and very complex approaches for notifying about sample ratio
# Here you could specify sampling ratio for all agents
netflow_sampling_ratio = 1
# sFLOW configuration
sflow_port = 6343
sflow_host = 0.0.0.0
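Review bot: The new comment above `netflow_sampling_ratio` does not say which values are accepted, or that this is one global value applied to every exporter. The collector copies it into each flow's sample ratio, so agents configured with different sampling rates would be mis-scaled, which matters for threshold-based detection. I would reword the comment to something like `# Sampling ratio (1-in-N, positive integer) applied to ALL netflow agents; must match the rate configured on your exporters. 1 means no sampling.`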


@ -32,6 +32,9 @@ extern log4cpp::Category& logger;
// Global configuration map
extern std::map<std::string, std::string> configuration_map;
// Sampling rate for all netflow agents
unsigned int sampling_rate = 1;
ipfix_information_database ipfix_db_instance;
#include "netflow_collector.h"
@ -379,6 +382,8 @@ void nf10_flowset_to_store(u_int8_t *pkt, size_t len, struct NF10_HEADER *nf10_h
packet.number_of_packets = 0;
packet.ts.tv_sec = ntohl(nf10_hdr->time_sec);
packet.sample_ratio = sampling_rate;
netflow_ipfix_struct data_in_ipfix_format;
memset(&data_in_ipfix_format, sizeof(netflow_ipfix_struct), 0);
@ -464,9 +469,10 @@ void nf9_flowset_to_store(u_int8_t *pkt, size_t len, struct NF9_HEADER *nf9_hdr,
// We use shifted values and should process only zeroed values
// because we are working with little and big endian data in same time
packet.number_of_packets = 0;
packet.ts.tv_sec = ntohl(nf9_hdr->time_sec);
packet.sample_ratio = sampling_rate;
// We should iterate over all available template fields
for (netflow9_template_records_map::iterator iter = template_records.begin(); iter != template_records.end(); iter++) {
u_int record_type = iter->type;
@ -795,8 +801,7 @@ void process_netflow_packet_v5(u_int8_t *packet, u_int len) {
current_packet.length = fast_ntoh(nf5_flow->flow_octets);
current_packet.number_of_packets = fast_ntoh(nf5_flow->flow_packets);
// We did not support sampling for netflow :(
current_packet.sample_ratio = 1;
current_packet.sample_ratio = sampling_rate;
current_packet.source_port = fast_ntoh(nf5_flow->src_port);
current_packet.destination_port = fast_ntoh(nf5_flow->dest_port);
@ -864,6 +869,13 @@ void start_netflow_collection(process_packet_pointer func_ptr) {
interface_for_binding = configuration_map["netflow_host"];
}
if (configuration_map.count("netflow_sampling_ratio") != 0) {
sampling_rate = convert_string_to_integer(configuration_map["netflow_sampling_ratio"]);
logger<< log4cpp::Priority::INFO<<"We use custom sampling ratio for netflow: "<<sampling_rate;
}
logger<< log4cpp::Priority::INFO<<"netflow plugin will listen on "<<interface_for_binding<<":"<<netflow_port<< " udp port";
unsigned int udp_buffer_size = 65536;
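Review bot: The value read from `netflow_sampling_ratio` in start_netflow_collection is assigned to the unsigned `sampling_rate` with no range check, so a 0, a negative number or non-numeric text in the config would flow into every `packet.sample_ratio` set in the v5, v9 and IPFIX hunks. How `convert_string_to_integer` reports bad input is not visible here, but the ratio presumably scales traffic counters, so a wrong value would either hide or inflate the traffic the detector sees. Assuming the helper returns a signed int, I would parse into a local first, `int ratio = convert_string_to_integer(configuration_map["netflow_sampling_ratio"]);`, then `if (ratio > 0) { sampling_rate = ratio; }` and log an error while keeping the default of 1 otherwise. Separately, the context line `memset(&data_in_ipfix_format, sizeof(netflow_ipfix_struct), 0);` in the nf10 hunk has the fill value and length swapped, so the struct is never zeroed; it should read `memset(&data_in_ipfix_format, 0, sizeof(netflow_ipfix_struct));`. The bodies of all the touched functions start and end outside the hunks.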