FlowProxy keeps its main configuration parameters stored in a configuration file named flowproxy.conf. This file is located in FlowProxy's installation directory.
The format of flowproxy.conf is plain text and is described below. You may edit it using your choice of text editor. However, in order for the changes to take effect, you must signal it to reload.
Signal FlowProxy to reload by sending the SIGHUP or "hang-up" signal to the flowproxy process. To do this, take the following steps:
Discover the process ID (PID) of the
flowproxyprocess by using thepscommand:% ps -ef | grep flowproxy
The PID will be among the output of the
pscommand.(Altenatively, you may read the contents of the PID file stored in /var/run/flowproxy.pid. Note that this technique works on all Unix platforms except Mac OS X.)
Use
killto send theSIGHUPsignal toflowproxy, using the PID you found in step 1:% kill -HUP XXXX
The FlowProxy configuration file is organized in a key/value-pair hierarchy. In general, configuration keys can appear in any order in the file; however, some related keys must be placed together in sections, which are opened with <section-name> tags and closed by </section-name> tags.
-
netflow/netflowport Typical NetFlow/cFlow/jFlow/IPFIX/NSEL exporters records to UDP/2055, UDP/9666, and/or UDP/9996. FlowProxy opens these three ports for collecting incoming datagrams. Each port gets its own input buffer and processing thread. This means that powerful servers under heavy flow load can benefit from opening more ports and configuring exporters to send flows to the alternative ports. Doing this effectively spreads the load and prevents flow packets being dropped. In most scenarios this will be unnecessary. You may enter up to 8 space-separated ports in this list. These ports will handle NetFlow v1/v5/v7/v9, cFlow, jFlow, IPFIX, and NSEL.
-
netflow/ipfixtcpport IPFIX exporters can use TCP as the transport protocol. In this case the exporter connects to the FlowProxy on the given TCP port to transport the IPFIX records. Similar to the UDP NetFlow configuration, opening multiple ports and distributing multiple exporters among them, will spread the CPU load over multiple threads, recuding congestion in busy networks.
-
sflow/sflowport By default, FlowProxy listens on port UDP/6343 for incoming sFlow packets. Similarly to the
netflowport, you can enter multiple space-separated port numbers here to make FlowTraq Server listen on different or additional ports for sFlow datagrams. You may enter up to 4 ports in this list. These ports will handle sFlow v2/v4/v5.-
debuglevel This determines how verbose FlowTraq should be when writing to
logfile. In ascending order of verbosity, this key may be set to one of the following values: ALWAYS, CRITICAL, HIGH, MEDIUM, LOW. Be careful when using the more verbose settings such as LOW, as the log file may grow to be very large over time.-
recursion/guid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX All traffic forwarded by this proxy will be tagged with this GUID. If you need a GUID, please contact FlowTraq support: support@flowtraq.com
Note: GUIDs have the form: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
-
recursion/forwarder0 IP PORT All traffic forwarded by this proxy will be sent to the destination IP and port (IPFIX over TCP) specified here
