Open 1223421 opened 3 months ago
Please elaborate. I've never used Netflow.

* What is Jool supposed to do?
* What constitutes a "session log"?
* Can't you just parse the output of [`stats display --csv`](https://nicmx.github.io/Jool/en/usr-flags-stats.html) and feed it to Netflow?
I need to log all connections... Netflow is the best way. Example for Netflow: https://github.com/aabc/ipt-netflow (natevents), just like "global update logging-session yes" but to Netflow...
Or maybe you can add a "follow" option for "stats display --csv" to echo all new connections to stdout like a daemon? Without "follow", fast connections may be lost if I do it with crontab... like this: `jool session display --csv --numeric --follow | script_for_parse_and_save`
I can do it with "logging-session yes" and `dmesg -w | grep Jool | script_for_parse_and_save`, but this way there is a lot of trash in dmesg.
Thank you, sorry for my bad English, I hope you understand me.
Er... I don't know if you're still around, but this seems like a good idea. I don't have time to make something very formal, but I left a simple prototype in the `jnetflow` branch. Maybe it's all you need.
Assuming you have 4.1.12 installed, here's the installation recipe:
```
git clone https://github.com/NICMx/Jool.git
cd Jool
git checkout jnetflow
./autogen.sh
./configure
make
cd src/usr/jnetflow # No need to install anything else because you already have it
sudo make install
```
Then, once you have Jool running (and assuming its instance name is `potato`), do
```
$ sudo jool g u ss-enabled true
$ sudo jool g u ss-flush-asap false # Recommended, not actually necessary
$ jnetflow potato
2001:db8::5,1634,64:ff9b::c000:205,1634,192.0.2.2,2958,192.0.2.5,2958,ICMP,57248
2001:db8::5,1634,64:ff9b::c000:205,1634,192.0.2.2,2958,192.0.2.5,2958,ICMP,58248
2001:db8::5,1634,64:ff9b::c000:205,1634,192.0.2.2,2958,192.0.2.5,2958,ICMP,58248
2001:db8::5,1634,64:ff9b::c000:205,1634,192.0.2.2,2958,192.0.2.5,2958,ICMP,59248
2001:db8::5,1634,64:ff9b::c000:205,1634,192.0.2.2,2958,192.0.2.5,2958,ICMP,59248
```
(The instance name defaults to "default" as usual.)
For TCP and UDP, the columns are
For ICMP,
Are you sure this is what you want? I feel like what you really want is BIB entries, not session entries.
Yes, need sessions.
It works, thank you!
Feature request in subject, please.
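A sketch of the `script_for_parse_and_save` step mentioned in this thread, as an added example that is not part of the original posts or of Jool: it reads `jnetflow` rows, rejects malformed ones, and emits one timestamped record the first time each session appears. The thread does not list the column meanings, so rows are checked by shape only; the `TCP` and `UDP` protocol strings, the 16-bit range check and all function names are assumptions.

```python
import csv
import ipaddress
import sys
from datetime import datetime, timezone

# Rows copied from the jnetflow output quoted in this thread, plus one bad row (constructed).
SAMPLE = """\
2001:db8::5,1634,64:ff9b::c000:205,1634,192.0.2.2,2958,192.0.2.5,2958,ICMP,57248
2001:db8::5,1634,64:ff9b::c000:205,1634,192.0.2.2,2958,192.0.2.5,2958,ICMP,58248
2001:db8::5,1634,64:ff9b::c000:205,1634,192.0.2.2,2958,192.0.2.5,2958,ICMP,59248
not,a,session,row
"""

def parse_row(row):
    """Validate one 10-column row and return its first nine columns as a session key.
    Shape assumed from the sample output: two (IPv6, number) pairs, two
    (IPv4, number) pairs, a protocol name, then a trailing number."""
    if len(row) != 10:
        raise ValueError(f"expected 10 columns, got {len(row)}")
    for i in (0, 2):
        ipaddress.IPv6Address(row[i])   # raises a ValueError subclass if invalid
    for i in (4, 6):
        ipaddress.IPv4Address(row[i])
    for i in (1, 3, 5, 7):
        if not 0 <= int(row[i]) <= 0xFFFF:
            raise ValueError(f"column {i + 1} out of 16-bit range: {row[i]}")
    if row[8] not in ("TCP", "UDP", "ICMP"):   # protocol strings are an assumption
        raise ValueError(f"unexpected protocol: {row[8]}")
    int(row[9])   # trailing column changes between reports, so it is not part of the key
    return tuple(row[:9])

def new_sessions(lines, seen=None):
    """Yield (utc_timestamp, key) the first time each session key is reported."""
    seen = set() if seen is None else seen
    for row in csv.reader(lines):
        try:
            key = parse_row(row)
        except ValueError as err:
            print(f"skipped {row!r}: {err}", file=sys.stderr)
            continue
        if key not in seen:
            seen.add(key)
            yield datetime.now(timezone.utc).isoformat(timespec="seconds"), key

if __name__ == "__main__":
    # Intended use: jnetflow potato | python3 this_script.py  (falls back to SAMPLE on a tty)
    src = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for stamp, key in new_sessions(src):
        print(stamp, *key, sep=",", flush=True)
```

The `seen` set grows without bound, so a long-running collector should expire old keys or persist them externally.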