Softflowd – NetFlow network traffic analyzer.
You can install it on Ubuntu/Debian with the command:
sudo apt-get install softflowd
After installation, open its configuration file, for example in the nano editor (Ctrl+X to exit, y/n to save or discard changes):
sudo nano /etc/default/softflowd
And specify the parameters, for example:
INTERFACE="any"
OPTIONS="-n 192.168.1.40:5556"
After making the changes, restart the service:
sudo /etc/init.d/softflowd restart
Let’s look at the statistics of softflowd:
softflowctl statistics
If it is not running, there will be an error:
ctl connect("/var/run/softflowd.ctl") error: Connection refused
Display information about all tracked flows:
sudo softflowctl dump-flows
The softflowctl manual page can be viewed with the command:
man softflowctl
I’ll describe other startup options:
-n host:port (the collector host and port to which softflowd sends NetFlow datagrams)
-i interface (the interface on which softflowd listens)
-r pcap_file (read traffic from a capture file instead of a network interface)
-p pidfile (alternative location for storing the process identifier; default /var/run/softflowd.pid)
-c ctlsock (alternative location for the control socket; default /var/run/softflowd.ctl)
-m max_flows (maximum number of flows tracked simultaneously)
-6 (also track IPv6 traffic)
-D (debug mode)
-T track_level (flow tracking level: full, proto or ip)
-v netflow_version (NetFlow export version)
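
To confirm that exports reach the collector address given with -n (port 5556 in the configuration above), a small receiver can decode the datagrams; this is an added example, not part of softflowd or of the original article. It assumes softflowd is exporting NetFlow version 5 (-v 5), and the exporter allowlist address 192.168.1.10 and the sample datagram are constructed for illustration.

```python
import socket
import struct
from ipaddress import IPv4Address

# NetFlow v5 wire format: 24-byte header, then `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")

def parse_v5(datagram):
    """Return (header, flows) for one NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count, _, secs, _, seq, _, _, _ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"NetFlow version {version}, expected 5")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
                      "sport": f[9], "dport": f[10], "proto": f[12],
                      "packets": f[5], "bytes": f[6], "tcp_flags": f[11]})
    return {"unix_secs": secs, "sequence": seq, "count": count}, flows

def sample_datagram():
    """Constructed test input: one TCP flow 10.0.0.5:51514 -> 10.0.0.9:443."""
    rec = RECORD.pack(IPv4Address("10.0.0.5").packed, IPv4Address("10.0.0.9").packed,
                      bytes(4), 1, 2, 12, 3400, 1000, 2000, 51514, 443, 0x1B, 6, 0, 0, 0, 0, 0)
    return HEADER.pack(5, 1, 5000, 1700000000, 0, 42, 0, 0, 0) + rec

def listen(host="0.0.0.0", port=5556, exporters=("192.168.1.10",)):
    """Print flows received on the collector port; `exporters` is a hypothetical allowlist."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        data, (peer, _) = sock.recvfrom(65535)
        if peer not in exporters:  # NetFlow over UDP is unauthenticated
            continue
        try:
            header, flows = parse_v5(data)
        except ValueError as exc:
            print(f"{peer}: dropped datagram ({exc})")
            continue
        for fl in flows:
            print(header["sequence"], fl)

if __name__ == "__main__":
    print(parse_v5(sample_datagram()))  # offline check; call listen() on the collector
```

Gaps in the header sequence number between consecutive datagrams from the same exporter indicate exports lost on the way to the collector.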