Trying to collect NetFlow info via ntop on my v5 OS. Set up IP / Traffic Flow to use version 5 and it's going to my server, where I have ntop running and it's collecting what looks like raw data with a .flow extension.
Supposedly Sawmill supports the MikroTik log format, but when I try to create a profile, it says it does not recognize the log format.
My goal was to get all the data flowing through the MikroTik router and get reports through Sawmill.
Has anyone gotten this combination to work? Is there a better tool than Sawmill that will take the NetFlow data and extract it?
MikroTik RouterOS logs support two formats: http://wiki.mikrotik.com/wiki/Log
The first format is “read” by any Linux syslog, the second format is “read” by BSD syslog.
Doing more digging, it appears that Sawmill can read in ASCII logs, but ntop puts out raw data. Need a tool like nfdump to convert the raw data to ASCII. Unfortunately they have no Linux at their shop and can't seem to find a NetFlow ASCII exporter that runs under Windows.
I assume Sawmill can read logs from /system logging and not from /ip traffic-flow.
Configure /system logging action, set the settings for “remote”, the address of your syslog (Sawmill server);
Configure /system logging to specify the types of logs that the router will send to the remote syslog.
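The two steps above written out as RouterOS CLI commands, as an added example that is not from the thread: the collector address 192.0.2.10 is a constructed placeholder, the logged topics are assumed, and the parameter names follow the RouterOS logging documentation linked above.

```routeros
# Added example. Step 1: point the built-in "remote" logging action at the
# Sawmill/syslog host. 192.0.2.10 is a constructed placeholder; 514/UDP is the
# syslog default. bsd-syslog=yes selects the second (BSD) line format mentioned
# above; leave it at no if the collector expects the plain format.
/system logging action
set remote remote=192.0.2.10 remote-port=514 syslog-facility=daemon bsd-syslog=yes

# Step 2: choose which topics go to that action. "firewall" lines only appear
# for filter rules that log, so one is added below.
/system logging
add topics=firewall action=remote
add topics=info action=remote

# Assumed: a filter rule that writes a line per forwarded packet. action=log
# does not drop; it passes on to the next rule. This is noisy on a busy link,
# so narrow it with src-address/dst-address or a protocol before using it.
/ip firewall filter
add chain=forward action=log log-prefix="fwd:" comment="example: log forwarded traffic"
```

Check with /log print on the router that the "firewall" and "info" entries appear, and with a packet capture on the server that UDP/514 traffic arrives from the router's address before looking at the Sawmill profile.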