Using ipfixFlowInspectorExporter with VERMONT merge-features branch
As of May 1st, 2013, Lothar Braun has yet to merge the module that exports from VERMONT to the flow-inspector redis queue called ipfixFlowInspectorExported to the mainline git repo for VERMONT, but it is located in a repo called merge-features.
I will be continuing from the first reference to this page from the page on Configuring Vermont.
Clone the VERMONT repo and append the merged-features repo:
git clone http://github.com/constcast/vermont.git cd ./vermont git branch merge-features origin/merge-features git checkout merge-features cmake -DSUPPORT_SCTP=OFF -DSUPPORT_REDIS=ON -DWITH_TOOLS=OFF . make #find and remove the follow section from .\CMakeList.txt #INSTALL(FILES ipfix-config-schema.xsd # DESTINATION share/vermont #) make install
You may continue back to section “Download and Build the VERMONT Manager web UI” (if you wish) on Configure VERMONT (VERsatile MONitoring Toolkit) on CentOS6.
Start dumping flows to the redis queue:
The binary is located: /usr/local/bin/vermont
The flow-inspector config is located: ./configs/flowinspector_exporter.xml
cp /usr/local/share/vermont/configs/flowinspector_exporter.xml /usr/local/share/vermont/configs/flowinspector_exporter_original.xml
Refer to the Understanding a Vermont config file and modify `flowinspector_exporter.xml` as necessary.
Start the VERMONT probe:
/usr/local/bin/vermont -f /usr/local/share/vermont/configs/flowinspector_exporter.xml
As Lothar describes in detail the waiting for data in his writeup, the following occurs:
1) VERMONT has a timeout on active flows of 10 minutes and inactive flows of 5 minutes. This means, it doesn’t push the flows to the redis queue until that time. You will see “Processed 0 flows” in the output of preprocess.py when there are no flows being pushed.
2) flow-inspector also caches data in the redis queue for five minutes before flushing it to the backend DB to be presented over the web UI. You will see “Live import. Flushing caches …” in the output of preprocess.py when this process occurs.