-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Gatti wrote:
Anyone out there using a good netflow collector that has the capability data to export to CSV? Open Source would be best, but any suggestions are welcome.
There are so many ways to do it. Once you capture the flow data and store it in raw files, it's just a matter of filtering and converting the data to whatever format you want. The flow-tools suite has everything you'd need if you wanted to write some scripts of your own. For example, flow-export takes a raw flow file as input and can output in various formats, including ASCII CSV. See `man flow-tools` for more information on flow-export and other useful flow tools. That said, I'm using a variation of this setup, from Robert S. Galloway: http://www.dynamicnetworks.us/netflow/ If you set it up as documented by Mr. Galloway, you'll end up with your netflow data (IIRC, just networks, octets, and packets) organized into various RRD files, depending on how you set up CUFlow.cf. For example, one RRD file per customer. By default, flowscan will delete the raw flow files after it parses them into RRDs. Optionally, you can retain your raw flow files by creating a "saved" directory in your flows path (see flowscan docs). For visualization, I import the RRD files into Cacti. For CSV output I wrote a perl script. It pulls data from the resulting RRD files, computes the 95th percentile(s), among other things, and e-mails the CSV(s) to the appropriate people at the appropriate times. Like I said, though, there are so many ways to do it. The way you need to do it will depend on what you're trying to get out of the netflow data. Regards, Michael Hertrick Neovera, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkyT05oACgkQcJVdtfpkLb85lQCfTBLcpfZMxqszfHNFUV7opFVj 1DQAoI0wGv9NgefnwDpTv5e2+BDoMQbV =Hzrs -----END PGP SIGNATURE-----