Adding a Netflow Listener to Cacti

This article explains how to add new Netflow listeners to Cacti. By default, Cacti is not able to show Netflow reports. So, to follow the steps in this article, the Flowview plugin have to be installed on Cacti.

1. Configure Cacti server to receive and store the netflow files adding the lines shown below, one line for each router:

vi /etc/flow-tools/flow-capture.conf

-V 5 -w /var/flow/ABC-Router -n 275 -N 3 -E500M 0/0/3001
-V 5 -w /var/flow/DEF-Router -n 275 -N 3 -E500M 0/0/3002
-V 5 -w /var/flow/GHI-Router -n 275 -N 3 -E500M 0/0/3003
-V 5 -w /var/flow/JKL-Router -n 275 -N 3 -E500M 0/0/3004
-V 5 -w /var/flow/MNO-Router -n 275 -N 3 -E500M 0/0/3005
-V 5 -w /var/flow/PQR-Router -n 275 -N 3 -E500M 0/0/3006
-V 5 -w /var/flow/STU-Router -n 275 -N 3 -E500M 0/0/3007
-V 5 -w /var/flow/VWX-Router -n 275 -N 3 -E500M 0/0/3008
-V 5 -w /var/flow/XYZ-Router -n 275 -N 3 -E500M 0/0/3009

2. Create the directories informed above (if they don’t already exist) and set the permitions so the flow-capture process has write permission:

mkdir -p /var/flow/PQR-Router && chmod 777 /var/flow/PQR-Router
mkdir -p /var/flow/STU-Router && chmod 777 /var/flow/STU-Router
mkdir -p /var/flow/XYZ-Router && chmod 777 /var/flow/XYZ-Router

3. Restart flow-capture service:

root@cacti:~# /etc/init.d/flow-capture restart
Stopping flow-capture: flow-capture.
Starting flow-capture: flow-capture.

4. Configure each router to send Cacti the Netflow data on the above declared TCP ports (ABC-Router port 3001, DEF-Router port 3002 and so on).

XYZ-Router(config)#ip flow-export source GigabitEthernet0/0.10
XYZ-Router(config)#ip flow-export version 5
XYZ-Router(config)#ip flow-export destination 10.100.2.250 3001
XYZ-Router(config)#inter gi 0/0.10
XYZ-Router(config-subif)#ip flow ingress
XYZ-Router(config-subif)#ip flow egress
XYZ-Router(config-subif)#end

In the above configuration, 10.100.2.250 is the Cacti server IP address, and 3001 is the TCP port for ABC-Router.

When configuring each additional router, change the TCP port to the matching TCP port previously defined.

5. Open Cacti web interface, click on the “Flows” tab and right under it click on the “Listerners” tab. For each router you’ll have to add one listener, so click “Add”, and fill the blanks as shown bellow. Be carefull to follow exactly the same directories names and TCP ports previously defined.

2 Replies to “Adding a Netflow Listener to Cacti”

  1. Wondering if you make it work – I fail to have anything working .
    the file name format created by flow-capture is not matching any netsting pattern.

Leave a Reply to Mike Nezri Cancel reply

Your email address will not be published. Required fields are marked *