
Using ipfixFlowInspectorExporter with VERMONT merge-features branch

This write-up is a companion to Configure VERMONT (VERsatile MONitoring Toolkit) on CentOS6.

 

As of May 1st, 2013, Lothar Braun has yet to merge ipfixFlowInspectorExporter, the module that exports from VERMONT to the flow-inspector redis queue, into the mainline VERMONT git repo, but it is available in a branch called merge-features.

This page continues from the point where the page on Configuring VERMONT first refers to it.

Figure: The general data flow from packets to the flow-inspector web UI.

Clone the VERMONT repo and check out the merge-features branch:

git clone http://github.com/constcast/vermont.git
cd ./vermont
git branch merge-features origin/merge-features
git checkout merge-features
cmake -DSUPPORT_SCTP=OFF -DSUPPORT_REDIS=ON -DWITH_TOOLS=OFF .
make
# find and remove the following section from ./CMakeLists.txt
#INSTALL(FILES ipfix-config-schema.xsd
#        DESTINATION share/vermont
#)
make install

You may now return to the section “Download and Build the VERMONT Manager web UI” on Configure VERMONT (VERsatile MONitoring Toolkit) on CentOS6 if you wish, or continue below.

Start dumping flows to the redis queue:

The binary is located at: /usr/local/bin/vermont
The flow-inspector config is located at: ./configs/flowinspector_exporter.xml

cp /usr/local/share/vermont/configs/flowinspector_exporter.xml /usr/local/share/vermont/configs/flowinspector_exporter_original.xml

Refer to Understanding a Vermont config file and modify `flowinspector_exporter.xml` as necessary.

Start the VERMONT probe:

/usr/local/bin/vermont -f /usr/local/share/vermont/configs/flowinspector_exporter.xml

Patience…
As Lothar describes in detail in his write-up, you will have to wait for data because of the following:

1) VERMONT has a timeout on active flows of 10 minutes and inactive flows of 5 minutes. This means it doesn’t push the flows to the redis queue until that time. You will see “Processed 0 flows” in the output of preprocess.py when there are no flows being pushed.

2) flow-inspector also caches data in the redis queue for five minutes before flushing it to the backend DB to be presented over the web UI. You will see “Live import. Flushing caches …” in the output of preprocess.py when this process occurs.
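To see how these two delays add up before traffic becomes visible in the web UI, the following added example (not code from VERMONT or flow-inspector) models them in Python. It assumes a record expires at whichever comes first, the active timeout after its first packet or the inactive timeout after its last packet, and that the flow-inspector cache adds a full five minutes in the worst case; the function names and sample flows are constructed for illustration.

```python
# Added example: simplified timing model, not VERMONT or flow-inspector code.
ACTIVE_TIMEOUT = 600    # s, VERMONT active-flow timeout quoted above
INACTIVE_TIMEOUT = 300  # s, VERMONT inactive-flow timeout quoted above
CACHE_FLUSH = 300       # s, flow-inspector cache period quoted above


def export_records(packet_times):
    """Split one flow's packet timestamps into exported records.

    Returns a list of (first_packet, last_packet, export_time) tuples.
    Assumption: a record expires at whichever comes first, ACTIVE_TIMEOUT
    after its first packet or INACTIVE_TIMEOUT after its last packet.
    """
    records = []
    start = last = None
    for t in sorted(packet_times):
        if start is not None:
            expiry = min(start + ACTIVE_TIMEOUT, last + INACTIVE_TIMEOUT)
            if t >= expiry:          # record was exported before this packet
                records.append((start, last, expiry))
                start = None
        if start is None:            # this packet opens a new record
            start = t
        last = t
    if start is not None:            # expire the record still open at the end
        expiry = min(start + ACTIVE_TIMEOUT, last + INACTIVE_TIMEOUT)
        records.append((start, last, expiry))
    return records


def visible_at(packet_times):
    """Worst-case time each record reaches the web UI (export + cache period)."""
    return [(s, e, x + CACHE_FLUSH) for s, e, x in export_records(packet_times)]


# Constructed sample input: packet timestamps in seconds since capture start.
SHORT_FLOW = [0, 10, 20]                  # a brief connection
LONG_FLOW = list(range(0, 1501, 60))      # one packet a minute for 25 minutes

if __name__ == "__main__":
    for name, flow in (("short", SHORT_FLOW), ("long", LONG_FLOW)):
        for first, last, shown in visible_at(flow):
            print(f"{name}: packets {first}-{last}s visible by {shown}s")
```

Under this model a 20-second connection is not visible for roughly ten minutes, and a long-lived flow arrives as several records, one per active-timeout window.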
