Document Actions
flowfilter.conf
configuration of a filter for exported flow records
Description
The flowmon_nf5 and
flowmon_nf9 programs reads data from the
FlowMon probe and exports them to a remote collector. They can
also be configured to export only a subset of flows distinguished
by source and/or destination IP adresses. The ranges of addresses
that are allowed to be exported are specified in a configuration
file that is submitted to the exporter programs via the
-F command line option. This manual page
describes the syntax of the configuration file.
Lines containing only whitespace and lines starting with the
hash character # are ignored. Every other line
specifies a single contiguous range of IP addresses. Their format
is as follows:
begin-end:qualifier
Note that the delimiters - and
: must be separated by spaces from the three
parameters. The begin and
end parameters specify the first and
last IP address of the range, respectively. The
qualifier string must have one of the
following values:
src- The source IP address must fall into the range.
dst- The destination IP address must fall into the range.
src-dst- Either source or destination IP address must fall into the range.
Every flow record that is a candidate for export is matched against the address ranges line by line. Depending on the qualifier on the particular line, one or both IP addresses of the flow record are matched. As soon as a matching line is found, the flow record is exported. Otherwise, if none of the lines matches, the flow record is not exported.
Example
# Example flow filter configuration file
172.29.12.129 - 172.29.15.255 : src-dst
195.113.188.1 - 195.113.188.1 : dst
# All IPv6 flows are exported
:: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff : src-dst
See Also
Manual pages:
- flowmon_nf5(5)
NetFlow v5 exporter
- flowmon_nf9(5)
NetFlow v9 exporter
Other resources:
- http://www.flowmon.org/flowmon-probe/
FlowMon probe web page
Forgot your password?
New user?
FlowMon 1.2.0 Released