====== IPFIXCol2 - NetFlow v5/v9 and IPFIX flow collector and balancer ====== {{indexmenu_n>3}} ===== Introduction ===== [[https://github.com/CESNET/ipfixcol2|IPFIXCol2]] — is a flexible, high-performance NetFlow v5/v9 and IPFIX streaming data collector, extensible with plugins. The version of the application presented in the VAS Experts repository includes the changes needed to work optimally with IPFIX streams from the Stingray Service Gateway. ===== Installation ===== - Connect the VAS Experts repository rpm --import http://vasexperts.ru/centos/RPM-GPG-KEY-vasexperts.ru rpm -Uvh http://vasexperts.ru/centos/6/x86_64/vasexperts-repo-1-0.noarch.rpm - Install ipfixcol2: dnf install -y ipfixcol2 ===== Setup files ===== Configuration file: /opt/vasexperts/etc/ipfixcol2/startup.xml Executable file: /opt/vasexperts/bin/ipfixcol2 Plugins: /opt/vasexperts/lib64/ipfixcol2/libanonymization-intermediate.so /opt/vasexperts/lib64/ipfixcol2/libfds-output.so /opt/vasexperts/lib64/ipfixcol2/libjson-kafka-output.so /opt/vasexperts/lib64/ipfixcol2/libudp-input.so /opt/vasexperts/lib64/ipfixcol2/libdummy-input.so /opt/vasexperts/lib64/ipfixcol2/libforwarder-output.so /opt/vasexperts/lib64/ipfixcol2/libjson-output.so /opt/vasexperts/lib64/ipfixcol2/libviewer-output.so /opt/vasexperts/lib64/ipfixcol2/libdummy-output.so /opt/vasexperts/lib64/ipfixcol2/libipfix-input.so /opt/vasexperts/lib64/ipfixcol2/libtcp-input.so /opt/vasexperts/lib64/ipfixcol2/libfds-input.so /opt/vasexperts/lib64/ipfixcol2/libipfix-output.so /opt/vasexperts/lib64/ipfixcol2/libtimecheck-output.so Service file to run the application: /usr/lib/systemd/system/ipfixcol2.service ===== Launch parameters ===== The program has the following launch parameters: Usage: ipfixcol2 [-c FILE] [-p PATH] [-e DIR] [-P FILE] [-r SIZE] [-vVhLd] -c FILE Configuration file path (/etc/opt/vasexperts/ipfixcol2/startup.xml by default) -p PATH Path to the plugins directory (/opt/vasexperts/lib64/ipfixcol2/ by default) -e DIR Path to the IPFIX item directory (/etc/libfds/ by default) -P FILE Path to PID file (without this option, no PID file is created) -d Run as a daemon -r SIZE Circular buffer size (8192 by default) -h Output the brief info -V Output the program version -L Output the list of plugins and exit -v Increase the logging level (by default only errors are logged) (can be used up to 3 times to add warning/info/debug messages) ===== Application configuration for IPFIX stream replication ===== The configuration file ''/opt/vasexperts/etc/ipfixcol2/startup.xml'' shows an example of how to configure one IPFIX stream replication over TCP to two collectors in round robin mode. The configuration file is in xml format. TCP collector tcp 1600 192.168.1.183 Forwarder forwarder roundrobin tcp 0 Subcollector 1
192.168.1.183
1500
Subcollector 2
192.168.1.183
1510
The interface and the port for receiving IPFIX stream are configured in the '''' block. The ''TCP'' plugin ('' tcp'') is used to receive IPFIX stream via TCP. In the '''' block the plugin's parameters are set. The '''' block of the ''tcp'' plugin contains the port number to receive the IPFIX stream. The '''' block contains IP address of the interface to receive TCP stream. IPFIX input stream replication is configured in the '''' block. For replication ''forwarder'' plugin ('' forwarder'') is used. In the '''' block the plugin's parameters are set. In block '''' indicate the IP protocol (''TCP'' or ''UDP''). The '''' block specifies the mode of the input IPFIX stream distribution to the specified collectors (may be ''roundrobin'' or ''all''). Block '''' specifies collectors for replication of input IPFIX stream. Each collector is described by a separate '''' block. In this block the collector name ('''' block), IP address (''
'' block) and port ('''' block) are specified. **Attention!**\\ You must pay attention to the value of the '''' block. To replicate the input stream to **all** collectors you must specify ''all''. ===== Application launch ===== To launch the application, use the command: systemctl start ipfixcol2 To launch the application automatically at server startup, run the following command: systemctl enable ipfixcol2 ===== Logging ===== The application outputs messages to the ''syslog''. By default, only error messages are logged.