Slexy.org is shutting down and stopped accepting new Pastes on May 4th, 2021.
Existing Pastes will stop being available on or after May 10th, 2021.
Author: Darin Language: text
Description: Netflow per jail using cloned interfaces Timestamp: 2015-10-14 17:38:55 +0000
View raw paste Reply
Hi guys,

Hope all is well with everyone! I have been messing around with nfsen/nfdump/nfcapd on FreeBSD 10.2-RELEASE running within a jail using ezjails.
The data can be viewed live at: http://cr1.nyc1.technotic.ca/index.php?sub_tab=0

The problem is that while I was able to add my jails on another server, the data is only being polled on the physical interface, not the lookbacks which are assigned to each jail.
I was wondering if there would be a way to get this working so I can see the data per jail (i.e. mx, www, ns1, and sip) instead of just the other host (cr1.tor1)

Keep up the great work! You're all AWESOME people I sincerely hope to meet one day!

### /usr/local/etc/nfsen.conf // only the source are relevant
%sources = (
     'cr1-nyc1'    => { 'port' => '9991', 'col' => '#0000ff', 'type' => 'netflow', 'IP' => '10.10.11.10' },
     'cr1-tor1'    => { 'port' => '9992', 'col' => '#339966', 'type' => 'netflow', 'IP' => '172.30.0.10' },
     'sip'         => { 'port' => '9993', 'col' => '#088A08', 'type' => 'netflow', 'IP' => '10.10.10.10' },
     'www'         => { 'port' => '9994', 'col' => '#ff40ff', 'type' => 'netflow', 'IP' => '10.10.10.11' },
     'ns1'         => { 'port' => '9995', 'col' => '#000000', 'type' => 'netflow', 'IP' => '10.10.10.13' },
     'mx'          => { 'port' => '9996', 'col' => '#990066', 'type' => 'netflow', 'IP' => '10.10.10.14' },
);
View raw paste Reply