On the test, I will install the fprobe sensor, which will collect statistics from network interfaces and transmit it to the collector.
Switch to the root user:
sudo -i
You can install fprobe on Ubuntu/Debian with the command:
apt-get install fprobe
To configure fprobe, open its configuration file:
nano /etc/default/fprobe
And for example, we indicate:
INTERFACE="eth0"
FLOW_COLLECTOR="localhost:555"
OTHER_ARGS="-fip"
The INTERFACE line indicates from which interface to intercept traffic, if necessary on all available ones, then specify “any”.
FLOW_COLLECTOR indicates the IP address and port on which the collector receives UDP packets.
OTHER_ARGS indicates other options. In this case, a filter is specified that selects only IP packets (ARP packets will not be taken into account).
Restart fprobe to apply the changes:
service fprobe restart
Check if fprobe is running and the collector is running:
service fprobe status
netstat -anpl |grep fprobe
ps ax | grep fprobe
netstat -anpl |grep 555
Make sure that it is added to startup at startup of the operating system:
systemctl is-enabled fprobe.service
systemctl enable fprobe.service
You can use flow-tools as a collector, see also my article:
Installing and using flow-tools