Version 1.4.1 - February 1, 2006

 

© copyright 2006 by Robert S. Galloway <rgalloway>
All Rights Reserved.

 

The author believes that appropriate credit has been given. If anyone has been missed, please alert me.

 

This document may be reproduced and distributed in its entirety (including this authorship, copyright, and permission notice), provided that no charge is made for the document itself.

 

How to build detailed Network Usage Reports using RRDTool, flow-tools, FlowScan, and CUFlow

 

What does this document cover?

This document provides step-by-step instructions for building useful documentation and reports from NetFlow "flows" on Cisco routers. Other vendors have their own implementations of NetFlow. You should be able to use this document to build reports from those devices, but I am a Cisco expert, so this document assumes that you are using Cisco products.

 

Here's a list of what you will be able to do with this application:

  • Build graphs showing network utilization, including breakdowns by router, protocol, service, and network/host groups.
  • Build "top talker" reports for your network. These are EXTREMELY useful for just about everything.
  • Track down users and computers that are abusing your network, including virus infections and DoS attacks.
  • Impress the boss with colorful graphs! :-)

 

Assumptions and Support

This document assumes that you are familiar with getting around a Unix/Linux system and a Cisco router. I used to be a RedHat Linux person, but they decided to go a different direction so I did too. Currently I use either SuSE or CentOS. CentOS is a rebuild from source of RedHat Enterprise Linux. (Links are in the appendix.) This document will assume that you are using CentOS or another RHEL3/4 compliant Linux build. I do not claim to be all-knowing when it comes to Linux. I am sure that the way I do things is not the only way they can be done. This is simply the way I have done things and it works for me. You don't need to be a CCIE or a Linux guru to make this work, but you will be compiling packages and modifying configuration files from the command line, so be prepared. Just to warn you, you should also be prepared to spend at least a couple of hours to complete this. However, once it's up and running, you shouldn't have to touch it except to update the CUFlow configuration.

 

These instructions come with no warranty or guarantee. If you blow something up and lose business because of it, that's your problem. I do not provide support for these packages or instructions. There are mailing lists for each one of the packages I use; please use them if you need additional help. I participate on several of them, so please do not e-mail me directly. I cannot promise that I will get back to you if you do. A list of these mailing lists is provided in the appendix.

 

I am not aware of any commercial support offered for RRDTool, flow-tools, FlowScan or CUFlow. If you know of any, please let me know at netflow and I will update this document.

 

Acknowledgements

This document is primarily an abridgement of the documentation provided by the authors of the packages we will be using. It is not meant to replace the documentation that comes with those packages. I have given credit to those individuals who have contributed to this document. If you feel that I have not given appropriate credit to someone, please let me know and I will correct my error.

 

 
