Friday, September 21, 2012

Configure Vyatta Router as a NetFlow exporter for McAfee NTBA

To use a NetFlow source with McAfee NTBA (Network Threat Behaviour Analysis), I configured a Vyatta virtual router as follows. It uses NetFlow v5 to export the eth0 and eth1 flows to McAfee NTBA (192.168.20.68, port 9996).
The router is configured to masquerade the network 192.168.69.0/24.



The virtual router configuration:
vyatta@vyattanetflow# show
 interfaces {
     ethernet eth0 {
         address 192.168.20.67/24
         description VSW1_1A1B
         hw-id 00:0c:29:9f:7a:c3
     }
     ethernet eth1 {
         address 192.168.69.1/24
         description VSW3
         hw-id 00:0c:29:9f:7a:cd
     }
     loopback lo {
     }
 }
 nat {
     source {
         rule 1 {
             outbound-interface eth0
             source {
                 address 192.168.69.0/24
             }
             translation {
                 address masquerade
             }
         }
     }
 }
 protocols {
     static {
         route 0.0.0.0/0 {
             next-hop 192.168.20.1 {
             }
         }
     }
 }
 service {
     ssh {
         listen-address 192.168.20.67
         listen-address 192.168.69.1
     }
 }
 system {
     config-management {
         commit-revisions 20
     }
     console {
         device ttyS0 {
             speed 9600
         }
     }
     flow-accounting {
         interface eth0
         interface eth1
         netflow {
             server 192.168.20.68 {
                 port 9996
             }
             version 5
         }
     }
     login {
         user vyatta {
             authentication {
                 encrypted-password
             }
             level admin
         }
     }
     ntp {
         server 0.vyatta.pool.ntp.org {
         }
         server 1.vyatta.pool.ntp.org {
         }
         server 2.vyatta.pool.ntp.org {
         }
     }
     package {
         repository community {
             components main
             distribution stable
             url http://packages.vyatta.com/vyatta
         }
     }
     syslog {
         global {
             facility all {
                 level notice
             }
             facility protocols {
                 level debug
             }
         }
     }
 }
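
Before relying on NTBA, it helps to confirm on a test host that the router really emits well-formed NetFlow v5 datagrams. The Python script below is an added example, not part of the original post or of any Vyatta or McAfee code; it decodes the standard 24-byte v5 header and 48-byte flow records. Only port 9996 comes from the configuration above; the sample datagram, its field values and the bind address are constructed assumptions.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_netflow_v5(datagram):
    """Validate one export datagram and return (header, flows)."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count, _up, secs, _ns, seq, _et, _eid, _samp = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"expected version 5, got {version}")
    if not 1 <= count <= 30:  # v5 carries at most 30 records per datagram
        raise ValueError(f"implausible record count {count}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match header record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "sport": f[9],
            "dst": socket.inet_ntoa(f[1]), "dport": f[10],
            "in_if": f[3], "out_if": f[4], "proto": f[13],
            "packets": f[5], "bytes": f[6],
        })
    return {"count": count, "unix_secs": secs, "sequence": seq}, flows

def constructed_sample():
    """Constructed datagram: one TCP flow from the 192.168.69.0/24 side."""
    header = HEADER.pack(5, 1, 1000, 1348185600, 0, 42, 0, 0, 0)
    record = RECORD.pack(
        socket.inet_aton("192.168.69.10"), socket.inet_aton("192.168.20.1"),
        socket.inet_aton("192.168.20.1"), 2, 1, 12, 3456, 500, 900,
        51000, 443, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return header + record

if __name__ == "__main__":
    print(parse_netflow_v5(constructed_sample()))
    # Assumption: run on a test host, listening on the collector port from the config.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 9996))
    while True:
        data, (exporter, _port) = sock.recvfrom(2048)
        try:
            header, flows = parse_netflow_v5(data)
            print(exporter, header, *flows, sep="\n  ")
        except ValueError as err:
            print(exporter, "rejected:", err)
```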

1 comment:

smaffeis said...

Thanks for the information, I managed to get it running