Version 11 (modified by andreu, 14 years ago)

HOWTO renetcolGUI (realtime flow monitoring)

Get the tool

  • svn checkout svn://renetcol.renater.fr/renetcol/trunk/tool/renetcolGUI.py
  • or download it directly from the Browse Source page of the Trac server (directory /trunk/tool/, file renetcolGUI)

Installation on Linux:

python renetcolGUI.py

Installation on Win32:

Configure communication between Collector and remote client:

You MUST change a few values in the renetcolGUI.py file:

  • line 28: path to GTK
  • lines 47 to 53: IP protocol choice and collector address

Warning: After your first action from the client to the collector, there may be a delay before the first flows are displayed (>20s; it depends on the delay between two router template definitions).

First Start

Please note that all buttons and selection windows have a tooltip.
When renetcolGUI is launched, some warnings may be displayed.
The first output is the following:

---------------------------------------------------------------
In this version 0.0.7, you can apply rules on the collector based on the following fields:
IN_BYTES: 1,
L4_SRC_PORT: 7,
IPV4_SRC_ADDR: 8,
INPUT_SNMP: 10,
L4_DST_PORT: 11,
IPV4_DST_ADDR: 12,
OUTPUT_SNMP: 14,
IPV4_NEXT_HOP: 15,
BGP_IPV4_NEXT_HOP: 18,
IPV6_SRC_ADDR: 27,
IPV6_DST_ADDR: 28,
MPLS_TOP_LABEL_TYPE: 46,
IPV6_NEXT_HOP: 62,
BPG_IPV6_NEXT_HOP: 63,
IP_PROTOCOL_VERSION: 60, please note that the IPv4 templates don't have this field
ROUTER_SRC_ADDR: 0, !!! it's not a real number for a field, but it's a great function
----------------------------------------------------------------

This is the list of fields that can be used to select flows.
In the window, the first action is to activate flow reception by clicking the File/ReceiveStream button.
Afterwards, you can use the collector control button and enter a rule to be applied on the collector.

  • To see all flows from a router, enter 0 = 10.0.0.1, where 10.0.0.1 is the loopback address that the router uses to send the NetFlow Data Export to the collector.
  • To see all IPv6 flows on your network, enter 60 = 6: field 60 (IP_PROTOCOL_VERSION), value 6 (IPv6).
  • To see all flows from an IPv4 address, enter 8 = 192.168.0.1 and, after validation, the second rule 12 = 192.168.0.1 (8 is IPV4_SRC_ADDR and 12 is IPV4_DST_ADDR).
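
The rule syntax above, as an added example that is not part of renetcolGUI: a small Python helper that checks a rule against the 0.0.7 field list before it is entered in the collector control box, and that extends the two-rule host selection to IPv6 with fields 27 and 28. The value types per field (addresses, ports up to 65535, integers elsewhere), the acceptance of field names as well as numbers, and the function names are assumptions.

```python
import ipaddress

# Field numbers as printed by renetcolGUI 0.0.7 (names spelled as in that output).
FIELDS = {
    "IN_BYTES": 1, "L4_SRC_PORT": 7, "IPV4_SRC_ADDR": 8, "INPUT_SNMP": 10,
    "L4_DST_PORT": 11, "IPV4_DST_ADDR": 12, "OUTPUT_SNMP": 14,
    "IPV4_NEXT_HOP": 15, "BGP_IPV4_NEXT_HOP": 18, "IPV6_SRC_ADDR": 27,
    "IPV6_DST_ADDR": 28, "MPLS_TOP_LABEL_TYPE": 46, "IPV6_NEXT_HOP": 62,
    "BPG_IPV6_NEXT_HOP": 63, "IP_PROTOCOL_VERSION": 60, "ROUTER_SRC_ADDR": 0,
}
# Assumed value types; the page does not document them.
V4, V6, PORT, ANY_IP = {8, 12, 15, 18}, {27, 28, 62, 63}, {7, 11}, {0}


def check_rule(text):
    """Validate 'FIELD = VALUE'; return it normalised as '<number> = <value>'."""
    left, sep, right = text.partition("=")
    if not sep:
        raise ValueError("expected 'field = value'")
    key, value = left.strip(), right.strip()
    number = int(key) if key.isdigit() else FIELDS.get(key.upper())
    if number not in FIELDS.values():
        raise ValueError(f"field {key!r} is not in the 0.0.7 list")
    if number in V4 | V6 | ANY_IP:
        ip = ipaddress.ip_address(value)  # ValueError if not an address
        if (number in V4 and ip.version != 4) or (number in V6 and ip.version != 6):
            raise ValueError(f"field {number} needs the other address family")
        return f"{number} = {ip}"
    if not value.isdigit():
        raise ValueError(f"field {number} needs a non-negative integer")
    if number in PORT and int(value) > 65535:
        raise ValueError("port out of range")
    return f"{number} = {int(value)}"


def host_rules(address):
    """Source rule then destination rule for one host, IPv4 or IPv6."""
    ip = ipaddress.ip_address(address)
    names = ("IPV4_SRC_ADDR", "IPV4_DST_ADDR") if ip.version == 4 else \
            ("IPV6_SRC_ADDR", "IPV6_DST_ADDR")
    return [check_rule(f"{name} = {ip}") for name in names]


if __name__ == "__main__":
    for rule in ["0 = 10.0.0.1", "60 = 6"] + host_rules("192.168.0.1"):
        print(check_rule(rule))
```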

Warning: If the GUI receives too many flows, you can freeze the screen with the FREEZE button. During the freeze, all flows received by the GUI are lost unless you used the record option.