NAME

flowd — NetFlow collector daemon

SYNOPSIS

DESCRIPTION

flowd is a small NetFlow collector daemon capable of understanding Cisco NetFlow version 1, version 5 and version 9 packet formats. flowd supports filtering and tagging of received flows before they are stored on disk, using a filter syntax similar to the OpenBSD PF packet filter. The on-disk format is flexible in that it allows selection of which packet fields are recorded, so logs may be made very compact.

By default, flowd will obtain its configuration from the flowd.conf(5) file, which typically resides in /usr/local/etc/flowd.conf. However, a different configuration file may be specified on the commandline using the -d option.

flowd may be terminated by sending it a SIGTERM signal. Upon receipt of a SIGUSR1 flowd will close and reopen its logfile. This is useful for rotating logs. When flowd receives a SIGHUP it will re-read its configuration and re-open its logfile. Some basic runtime statistics will be logged when flowd is signalled with SIGUSR2 or SIGINFO.

The command-line options are as follows:

-D macro=value

defines the name macro, which can then be used later in the config file. Refer to the MACROS section in flowd.conf(5) for more information on the use of macros.

-d

Places flowd in debugging mode. In this mode, flowd will not fork to the background and will print verbose diagnostics, including details of each flow received.

-g

Causes flowd not to fork and background itself. Logging will be reported to stderr instead of syslog.

-f config_file

Specify an alternate location for the configuration file Default is /usr/local/etc/flowd.conf

-h

Displays commandline usage information.

AUTHORS

Damien Miller <djm@mindrot.org>

SEE ALSO

flowd-reader(8) flowd.conf(5)