First install JDK1.4.2 or above and mysql 4.x. Create a database named flowdata ('mysql -u root -p[password]' to enter it and 'create database if not exist flowdata')
Secondly, uncompress the jnca-beta-0.91.jar and modify the properties files located under etc/ directory
Add the current directory (i.e the dot "." where etc and cai is located) and mysql-connector-java-3.1.10-bin.jar to ClassPath system variable ( it should contain the rt.jar shipped with JDK as well)
launch "java cai.flow.collector.Run create_db" to create the tables. e.g in windows, the command line should be similar to "D:\Dev\netflow\jnca>java -classpath %classpath%;.\mysql-connector-java-3.1.10-bin.jar;.;.. cai.flow.collector.Run create_db"
Carefully read the netflow.properties file under the etc directory, you have to add your router ip to the flow.collector.router.group within netflow.properties
launch "java cai.flow.collector.Run" as :"D:\Dev\netflow\jnca>java -classpath %classpath%;.\mysql-connector-java-3.1.10-bin.jar;.;..
Configure nprobe or cisco/juniper router to export netflow v1 v5 v7 v8 v9 UDP packet to current host:2055 UDP port.
Please Note the IpSegments(in SQL.properties) will map ip addresses in flows (srcaddr, dstaddr) with segment ip address, this will make the flows data between single ip addresses to flows' statistics between ip segments. If all related ip addresses are all mapped to ip segments, the host aggregates will save great space and soon give you the total view of the flows within the network, NO MATTER how large the network would be.
Please Note the only flows with ip adress NOT in ip.source.excludes(in netflow.properties) AND within ip.source.includes will be collected, so is the ip.dst.excludes setting. This will excludes the unnecessary resouce waste due to rubbish flows.
Mapping Rules: we call an ip address belongs to a ip segment if the (ip address bit AND ip segment == ip segment) logical AND (ip address bit OR ip segment == ip address)
wait for a couple of minutes, look up the tables to see data.
Please contact me thru email@example.com or dial (0086-)13880021897 (English or Chinese language could be understood)
Please refer to http://itknowledge.yeah.net or http://jnca.sourceforge.net