Building the Network You Need with OpenBSD's PF: EuroBSDCon, St. Julian's, September 26th 2013 | ||
---|---|---|
Prev | Next |
pflow(4) pseudo-device exports Netflow v5 data (introduced in OpenBSD 4.5)
a sensor, records data on flows: source/destination address, start/end time, # bytes
each connection consists of two flows (one for each direction)
pflow fetches data from the PF state table
Potentially very detailed data on your traffic
Initially only netflow version 5 (IPv4 only), from OpenBSD 5.1 onwards, versions 9 and 10 (aka IPFIX) are supported (with IPv6). Check what your collector side can handle