Install
First, install JDK 1.4.2 or above and MySQL 4.x. Create a database named flowdata
(run 'mysql -u root -p[password]' to enter MySQL, then 'create database if not exists flowdata').
Secondly, uncompress jnca-beta-0.91.jar and modify the properties files
located under the etc/ directory.
Add the current directory (i.e. the dot "." where etc and cai are located) and
mysql-connector-java-3.1.10-bin.jar to the CLASSPATH system variable (it should
contain the rt.jar shipped with the JDK as well).
Launch "java cai.flow.collector.Run create_db" to create the tables. E.g. in
Windows, the command line should be similar to
"D:\Dev\netflow\jnca>java -classpath %classpath%;.\mysql-connector-java-3.1.10-bin.jar;.;.. cai.flow.collector.Run create_db"
Carefully read the netflow.properties file under the etc directory; you have to
add your router IP to flow.collector.router.group within
netflow.properties.
Launch "java cai.flow.collector.Run" as:
"D:\Dev\netflow\jnca>java -classpath %classpath%;.\mysql-connector-java-3.1.10-bin.jar;.;.. cai.flow.collector.Run"
Configure nprobe or a Cisco/Juniper router to export NetFlow v1, v5, v7, v8 or v9 UDP
packets to UDP port 2055 on the current host.
Please note that IpSegments (in SQL.properties) maps the IP addresses in flows (srcaddr, dstaddr) to segment IP addresses, which turns flow data between single IP addresses into flow statistics between IP segments. If all related IP addresses are mapped to IP segments, the host aggregates will save a great deal of space and soon give you a total view of the flows within the network, NO MATTER how large the network is.
Please note that only flows whose IP address is NOT in ip.source.excludes (in netflow.properties) AND is within ip.source.includes will be collected; the ip.dst.excludes setting works the same way. This avoids wasting resources on rubbish flows.
Mapping rules: an IP address belongs to an IP segment if (ip address AND ip segment == ip segment) logical AND (ip address OR ip segment == ip address), where the AND and OR inside the parentheses are bitwise.
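The mapping rule above, written out as an added example (this is not jnca's own code). The segment list, the sample addresses and the /16 prefix used for comparison are constructed assumptions; the rule as stated has no netmask, so the example shows which addresses it accepts beyond a conventional prefix match.

```python
import ipaddress

def to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def belongs(ip, segment):
    """The rule as stated above: (ip AND seg == seg) and (ip OR seg == ip).
    Both halves say the same thing: every 1-bit of the segment is set in ip."""
    i, s = to_int(ip), to_int(segment)
    return (i & s) == s and (i | s) == i

def matching_segments(ip, segments):
    """All configured segments an address falls into under the rule."""
    return [s for s in segments if belongs(ip, s)]

def outside_prefix(segment, prefix_len, candidates):
    """Addresses the rule accepts although they lie outside segment/prefix_len.
    prefix_len is an assumption for comparison; the rule itself has no netmask."""
    net = ipaddress.IPv4Network(f"{segment}/{prefix_len}")
    return [ip for ip in candidates
            if belongs(ip, segment) and ipaddress.IPv4Address(ip) not in net]

# Constructed sample values, not taken from any real SQL.properties.
SEGMENTS = ["10.1.0.0", "192.168.0.0", "172.16.0.0"]
SAMPLE = ["10.1.2.3", "10.3.0.7", "11.1.0.9", "10.0.5.5",
          "192.168.4.20", "193.168.0.1", "172.16.9.9", "172.17.0.1"]

if __name__ == "__main__":
    for ip in SAMPLE:
        print(f"{ip:15} -> {matching_segments(ip, SEGMENTS) or 'unmapped'}")
    print("accepted but outside 10.1.0.0/16:",
          outside_prefix("10.1.0.0", 16, SAMPLE))
```

Because the test is a bit-subset check, a segment can capture addresses from neighbouring ranges (10.3.x.x and 11.1.x.x for segment 10.1.0.0 here), so run a candidate segment list against known addresses before relying on the aggregates.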
Wait a couple of minutes, then look in the tables to see the data.
Troubleshooting
Please contact me through swingler@126.com or dial (0086-)13880021897 (English or
Chinese can be understood).
Detailed info
Please refer to http://itknowledge.yeah.net or http://jnca.sourceforge.net