We have a number of Linux servers for which I would like to capture netflow data to be processed by a netflow analyzer. I've been spoiled by the ease in which Mikrotik routers allow netflow data generation, but I haven't managed to find an opensource tool that is able to generate netflow data for multiple interfaces on a Linux system.
I have come across fprobe but it seems quite buggy. Admittedly I haven't spent much time with it yet since I'd also like to evaluate some other possibilities. The other tool I've seen mentioned is nprobe, which appears to be GPL, but is not available as a free download since it is only offered for a fee.
The servers on which I plan to generate netflow data are all Gentoo systems, but this shouldn't really make any difference. At most it means I would have to manually compile a tool from source.
Summary: I'm looking for an opensource netflow generator that will work on Linux and allows capturing flows for multiple interfaces.
You should check IPT-NETFLOW, it seems exactly what you need implemented as a kernel module for IPTABLES. It is actively maintained and used succesfully in some ISP so should be good enough. Documentation could be better though (look into README file).
ntop will do it, but is probably not the best choice. Definitely check out pmacct; it's designed exactly for this. From the feature list:
Among many other things.
Here's a newer project for collecting and analyzing NetFlow data on Linux: ElastiFlow
the advantage of fprobe is that it can generate Netflow streams using regular libpcap or ulogd.
it is a little more dated, and seems indeed buggier, but it may be useful to bootstrap a setup, as it does not require compiling a kernel module (like ipt-netflow) and doesn't ship any additional features (like ntop or pmacct).