I have been searching for how to enable egress NetFlow and noticed that the Ubiquiti Vyatta fork has a command to do so, "set system flow-accounting netflow enable-egress". I believe this would require changes to the /opt/vyatta/sbin/vyatta-netflow.pl script and of course adding a new node.def in /opt/vyatta/share/vyatta-cfg/templates/system/flow-accounting/netflow/. I am not familiar with pmacct, so I'm not sure what changes to the script must be made. Or is it more difficult than I am making it sound?
On a somewhat related netflow note, I didn’t see this in the forums here yet.
In my search I also found a Ubiquiti forum discussing how to get flow data post-NAT. Figured this may be useful to some:
    # Default ULOG table/chain
    # There is some debate about whether we should hook into netfilter
    # very early (raw, PRE_ROUTING) or late (filter, VYATTA_POST_FW_FWD_HOOK)
    # For a default we will choose "early" - change it to "late" to use
    # the other table/chain.
    my $table_chain_entry = "early";
I love Vyatta and VyOS, thank you guys for doing a lot of work to keep it alive! I'm not a coder but have used Vyatta for a while and am a network engineer by trade, and I am happy to help in this project any way I can.