+1 for Elastiflow

But make sure to clear the indexes, as it wasn't included with the project, when we installed ours.

Here's our solution that deletes them after 90 days.

-----
Crontab

0 12 * * * (cd /usr/local/<your corp>/scripts; ./<your corp>_elastiflow_prune.sh) > /dev/null 2>&1

-----
Content of the *_prune.sh for Linux

#!/bin/csh -f
# Current time as seconds since the epoch
set d_current=`date "+%s"`
# Epoch time 90 days ago
set d_90=`expr ${d_current} - \( 90 \* 24 \* 60 \* 60 \)`
# Date suffix of the daily index to drop (GNU date syntax)
set idx=`date -d @${d_90} "+%Y.%m.%d"`
# Delete the index dated exactly 90 days ago
curl -XDELETE "http://localhost:9200/elastiflow-${idx}"

-----
Alain Hebert                                ahebert@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770
Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net  Fax: 514-990-9443

On 2019-05-18 00:19, Crist Clark wrote:
Been loving Elastiflow. Way overkill for what you need, but it's actually pretty easy to set up.
https://github.com/robcowart/elastiflow
On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG <nanog@nanog.org> wrote:
I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
Thanks in advance.
Dennis Burgess, Mikrotik Certified Trainer
Author of "Learn RouterOS- Second Edition"
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270 Website: http://www.linktechs.net
Create Wireless Coverage’s with www.towercoverage.com
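
Added example, not part of the thread or of the ElastiFlow project: the prune script in the reply above deletes only the index dated exactly 90 days back, so a day on which cron does not run leaves that index behind for good. This variant lists every index and deletes all that are 90 days old or older. It assumes the `elastiflow-YYYY.MM.DD` naming and the `localhost:9200` endpoint shown in that script, plus GNU date; the function names and the `--run` switch are made up for the example.

```shell
#!/bin/sh
# Added example (not from the thread): retention sweep for ElastiFlow
# daily indices, tolerant of missed cron runs.
ES_URL="${ES_URL:-http://localhost:9200}"   # endpoint used in the post
RETENTION_DAYS="${RETENTION_DAYS:-90}"      # retention used in the post

# Read index names on stdin and print those named elastiflow-YYYY.MM.DD
# whose date is on or before the cutoff ($1, format YYYY.MM.DD).
# Zero-padded dates sort correctly as plain strings.
expired_indices() {
    awk -v cutoff="$1" '
        $1 ~ /^elastiflow-[0-9][0-9][0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]$/ {
            day = substr($1, 12)            # text after "elastiflow-"
            if ((day "") <= (cutoff "")) print $1
        }'
}

# List the indices, select the expired ones, delete them one by one.
prune() {
    cutoff=$(date -d "-${RETENTION_DAYS} days" "+%Y.%m.%d")   # GNU date
    curl -fsS "${ES_URL}/_cat/indices/elastiflow-*?h=index" |
        expired_indices "$cutoff" |
        while read -r idx; do
            curl -fsS -XDELETE "${ES_URL}/${idx}" >/dev/null &&
                echo "deleted ${idx}"
        done
}

# Nothing is deleted unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    prune
fi
```

Piping a saved index listing through `expired_indices` with a cutoff date shows what a run would remove before `--run` is ever used.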