7/22/2019 Cacti Netflow Collector (Flowview) and Softflowd

1/4

Cacti Netflow Collector (Flowview) and Softflowd

## First to all we need configure port mirror on cisco router or catalyst

switch on layer 2 port.

### As you can see the port configured as Port mirror is fa1/0, in this

interface has been connected the CACTI BOX.

yum install libpcap-devel

Downlaod softflowdfrom http://code.google.com/p/softflowd/

7/22/2019 Cacti Netflow Collector (Flowview) and Softflowd

2/4

tar -xzvf /home/admin/Desktop/softflowd-0.9.9.tar.gz

cd /home/admin/Desktop/softflowd-0.9.9

./configure

make all

make install

/usr/local/sbin/softflowd -i eth0 -v 5 -n 127.0.0.1:2204 -T full

/usr/local/sbin/softflowctl statistics

/usr/local/sbin/softflowctl shutdown

### Add the script to the file rc.local in order to execute it when the

system start upvi /etc/rc.local

/usr/local/sbin/softflowd -i eth0 -v 5 -n 127.0.0.1:2204 -T full

Softflowd only sends flow information to the collector once the flow has

ended--for example, when the FTP session ends, when the Web page has been

delivered, and so on. This means that at any moment, softflowd will have

a cache of connections in progress. When you stop softflowd, run

7/22/2019 Cacti Netflow Collector (Flowview) and Softflowd

3/4

softflowctl shutdown so that softflowd will expire those flows and send

them to your collector immediately. Simply shutting down the server

running softflowd will cause you to lose the active-but-incomplete flows.

You're going to lose some information anyway if you reboot your sensor,

but you might as well keep that loss as minimal as possible.

# Finally you need to configure The listener on flowview

# Go to Flows in cacti web page, select Listeners Tab, click Add

/etc/init.d/flow-capture stop

/etc/init.d/flow-capture start

Wait a moment and you can see flow details

7/22/2019 Cacti Netflow Collector (Flowview) and Softflowd

4/4