Date:      Wed, 12 Jun 2013 00:17:15 +0000
From:      "Scott, Brian" <brian.scott4@det.nsw.edu.au>
To:        "Daniel O'Connor" <doconnor@gsoft.com.au>, "freebsd-stable@freebsd.org stable" <freebsd-stable@freebsd.org>
Subject:   RE: Flow monitoring with PF
Message-ID:  <7DB382CFB050654DBFF7A39B1F8056EB1DF68293@WPEXCHMBSL1021.central.det.win>
In-Reply-To: <57C2DC16-7868-4C20-AB34-5B35A939D095@gsoft.com.au>
References:  <57C2DC16-7868-4C20-AB34-5B35A939D095@gsoft.com.au>

>I was looking at trying out flow monitoring and I found pfflowd, but
>unfortunately it does not work with FreeBSD >9.0. I thought about ng_netflow
>but that doesn't see my tun interface which may be related to..
>WARNING: attempt to domain_add(netgraph) after domainfinalize()

Noise message. I've never seen it actually mean anything.

The problem is that tun0 is a generic network interface. Ng_ether only exposes Ethernet devices. The equivalent to tun but for an Ethernet device is tap. Creating a tap device after boot immediately creates the corresponding ng_ether node which can then be plumbed into ng_netflow.

Some software is kind enough to work with either tun or tap as a configurable option.

>Does anyone have any recommendations for generating flow information from PF?

I've had great success with ng_netflow. I like the fact that all the processing is in-kernel.
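
The plumbing described in the message above, as an added example that is not part of the original post: a helper that emits the ngctl(8) commands to pass an Ethernet-class interface such as tap0 through ng_netflow and export flows over UDP. The helper name `netflow_script`, the interface `tap0` and the collector `192.0.2.10:2055` are assumptions; the hook names are those of ng_ether, ng_netflow and ng_ksocket.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumes ng_ether is loaded, so a freshly created tap device gets a
# netgraph node named after the interface (tap0 -> "tap0:").

# netflow_script IFACE COLLECTOR_IP PORT
# Prints an ngctl script on stdout; returns non-zero on bad input.
netflow_script() {
    iface=$1
    collector=$2
    port=$3
    case $iface in
        tun[0-9]*)
            # tun is a generic (non-Ethernet) interface: ng_ether has no node for it
            echo "refusing $iface: not an Ethernet device, use tap" >&2
            return 1 ;;
        ''|*[!A-Za-z0-9_]*)
            echo "invalid interface name" >&2
            return 1 ;;
    esac
    case $collector in
        ''|*[!0-9.]*) echo "invalid collector address" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "invalid port" >&2; return 1 ;;
    esac
    # Insert a netflow node between the driver (lower) and the stack (upper),
    # then attach a UDP ksocket to the export hook and point it at the collector.
    cat <<EOF
mkpeer ${iface}: netflow lower iface0
name ${iface}:lower netflow
connect ${iface}: netflow: upper out0
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow:export connect inet/${collector}:${port}
EOF
}

# Typical use on the FreeBSD host, as root (constructed values):
#   ifconfig tap0 create
#   netflow_script tap0 192.0.2.10 2055 | ngctl -f -
#   ngctl msg netflow: info     # confirm flows are being accounted
```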