On Tue 2017-Jun-06 16:39:16 -0700, Hugo Slabbert <hugo@slabnet.com> wrote:
On Tue 2017-Jun-06 17:43:46 -0400, Sami via NANOG <nanog@nanog.org> wrote:
Hello, I have been searching for a solution that collects/duplicates NetFlow traffic properly for a while but i couldn't find any. Do you know any good unix alternative to ntopng, flowd, flow-tools?
nprobe of netflow seems to be the closest one to fit my needs but i want to see if there are any other solution.
My goal is to centralize NetFlow traffic into a single machine and then proxy some flows to other destinations for further analysis
Best Regards, Sami
Flexible: pmacct[1][2] Simple and does what you ask: samplicate[3]
Actually: samplicate is more all-or-nothing as far as I'm aware. So it could proxy a full set of flows, but the "some flows" part of your request I'm not so sure about.
-- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com pgp key: B178313E | also on Signal
[1] http://pmacct.net/ [2] https://github.com/pmacct/pmacct [3] https://github.com/sleinen/samplicator