:
plugins: kafka aggregate: src_host, dst_host, src_port, dst_port, proto, tos, src_as, dst_as kafka_topic: netflow_raw kafka_broker_host: kafka1:9092,kafka2:9092 imt_path: /var/spool/pmacct - Top talkers last hour: netflow tools
# Flows per second (FPS) spike nfcapd -p 2055 -w -l /data -T all # Real-time: watch -n 1 'nfdump -R /data -r current -s flows | head' (requires NetFlow v9 + BGP table) : plugins: kafka aggregate: src_host
set forwarding-options sampling input rate 1000 set forwarding-options sampling family inet output cflowd 192.168.1.100 port 2055 version 5 : stores to disk/time-series DB.
(v5 to collector 192.168.1.100):
softflowd -D -i eth0 -v 5 -n 192.168.1.100:2055 Receives UDP datagrams, parses, stores to disk/time-series DB.