[unisog] Cisco netflow reporting script

Tim Eden (te) te at unsw.edu.au
Tue Jul 25 06:05:31 GMT 2006


Hi All,

I've just subscribed to this list as I wanted to share a script I've 
been working on that we use at the University of New South Wales in 
Sydney, Australia to monitor traffic flows on our Cisco network and 
automatically notify the appropriate IT administrators if the number of 
flows for hosts exceeds configured thresholds. The attached zip file 
contains the script itself (netflow.pl) and the five necessary 
configuration files with some example configuration in them. You will 
also need to edit the script to change the email address the report is 
sent from/to, router passwords and to customize the email format. In a 
nutshell the script collects netflow information for each VLAN that you 
configure, correlates it and if the number of traffic flows for any 
hosts within a VLAN exceeds the configured thresholds it will 
automatically send an email summarizing the offending traffic flows to 
the email addresses that you configure as contacts for that VLAN.

The code might be a bit rough around the edges as I am a network 
engineer, not a programmer, but I've tried to keep comments consistent 
and make the code easy to read and understand. If you have any 
questions, post them back to this list and I'll try and answer them. The 
script is by no means a replacement for a decent IDS but hopefully some 
people will find it useful in their environment. We run the script as a 
cron job every hour during the day and less often at night and over the 
weekend. If you have a smaller organization than a University you will 
find that it takes very little time to complete so you can run it more 
often/less often depending on what you want to achieve.

Cheers,

Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: netflow.zip
Type: application/octet-stream
Size: 14080 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20060725/dfb333c0/attachment-0001.obj 
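An added illustration (not Tim's netflow.pl, which exists only in the attachment) of the per-VLAN threshold check the post describes: count flows per source host, compare against the VLAN's threshold, and pair the offenders with that VLAN's contacts. The config layout, the "src,dst,dport" record format and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed per-VLAN configuration standing in for the script's config files
# (names, thresholds and addresses are assumptions, not the original's format).
VLAN_CONFIG = {
    "staff": {"prefix": "10.1.0.0/24", "threshold": 3, "contacts": ["staff-it@example.edu"]},
    "labs": {"prefix": "10.2.0.0/24", "threshold": 5, "contacts": ["labs-it@example.edu"]},
}

# Constructed flow records ("src,dst,dport"), one per flow, as a stand-in for
# the NetFlow data the script collects from the routers for each VLAN.
SAMPLE_FLOWS = """\
10.1.0.7,192.0.2.10,80
10.1.0.7,192.0.2.11,80
10.1.0.7,192.0.2.12,443
10.1.0.7,192.0.2.13,22
10.1.0.9,192.0.2.10,80
10.2.0.4,198.51.100.1,25
10.2.0.4,198.51.100.2,25
"""

def vlan_for(ip, config):
    """Name of the configured VLAN whose prefix contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cfg in config.items():
        if addr in ipaddress.ip_network(cfg["prefix"]):
            return name
    return None

def count_flows(flow_text, config):
    """Correlate flows: {vlan: {src_host: flow_count}} for hosts in a configured VLAN."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, _dst, _dport = line.split(",")
        vlan = vlan_for(src, config)
        if vlan is not None:
            counts[vlan][src] += 1
    return counts

def offenders(flow_text, config):
    """Hosts whose flow count exceeds their VLAN's threshold, with the VLAN contacts."""
    reports = []
    for vlan, hosts in count_flows(flow_text, config).items():
        over = {h: n for h, n in hosts.items() if n > config[vlan]["threshold"]}
        if over:
            reports.append({"vlan": vlan, "contacts": config[vlan]["contacts"], "hosts": over})
    return sorted(reports, key=lambda r: r["vlan"])
```

Each entry in the returned list corresponds to one summary email the script would send to that VLAN's contacts.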