i have a few routers of various flavors spewing netflow data. currently i use flowtools, and get text reports via email. but they're soooo 20th century.

what will accept flow data from the routers and give me a sexy web page or two showing the elephant apps and sites? has to be in freebsd ports tree, as i don't have much time to spend on this.

randy
On Fri, 3 Feb 2006, Randy Bush wrote:
i have a few routers of various flavors spewing netflow data. currently i use flowtools, and get text reports via email. but they're soooo 20th century.
what will accept flow data from the routers and give me a sexy web page or two showing the elephant apps and sites? has to be in freebsd ports tree, as i don't have much time to spend on this.
nfsen (http://nfsen.sourceforge.net) and nfdump (http://nfdump.sourceforge.net) look like a decent stab at what you want. nfdump is the data collector and nfsen is the sexy-web-page-maker. I don't know if it's in the freebsd ports tree though...

jms
Justin M. Streiner wrote:
On Fri, 3 Feb 2006, Randy Bush wrote:
i have a few routers of various flavors spewing netflow data. currently i use flowtools, and get text reports via email. but they're soooo 20th century.
what will accept flow data from the routers and give me a sexy web page or two showing the elephant apps and sites? has to be in freebsd ports tree, as i don't have much time to spend on this.
ntop off the cuff. In the ports tree.

Stager looks interesting too, not in the ports tree but had FreeBSD specific documentation:
http://software.uninett.no/stager/?page=docs

--Peter
--On February 3, 2006 9:10:36 PM -0800 Peter Wohlers <pedro@whack.org> wrote:
Justin M. Streiner wrote:
On Fri, 3 Feb 2006, Randy Bush wrote:
i have a few routers of various flavors spewing netflow data. currently i use flowtools, and get text reports via email. but they're soooo 20th century.
what will accept flow data from the routers and give me a sexy web page or two showing the elephant apps and sites? has to be in freebsd ports tree, as i don't have much time to spend on this.
ntop off the cuff. In the ports tree.
Stager looks interesting too, not in the ports tree but had FreeBSD specific documentation:
http://software.uninett.no/stager/?page=docs
--Peter
Never did like ntop, always used a lot of memory, and has never been stable. Also no history, just 'current'.
Hello,

On Sat, 04 Feb 2006, at 00:01, Justin M. Streiner wrote:
On Fri, 3 Feb 2006, Randy Bush wrote:
i have a few routers of various flavors spewing netflow data. currently i use flowtools, and get text reports via email. but they're soooo 20th century.
what will accept flow data from the routers and give me a sexy web page or two showing the elephant apps and sites? has to be in freebsd ports tree, as i don't have much time to spend on this.
nfsen (http://nfsen.sourceforge.net) and nfdump (http://nfdump.sourceforge.net) look like a decent stab at what you want. nfdump is the data collector and nfsen is the sexy-web-page-maker. I don't know if it's in the freebsd ports tree though...
It is, sir - I concur, very nice tool, actively maintained, and the author is always willing to consider feedback, requests for features etc.

- yann
folk have asked me to summarize. so here it goes

"Justin M. Streiner" <streiner@cluebyfour.org> and Nicolas Strina <nicolas.strina@noc.ip-man.net> recommended the nfdump nfsen pair,
http://nfsen.sourceforge.net
http://nfdump.sourceforge.net

Chris Kuethe <chris.kuethe@gmail.com> and Peter Wohlers <pedro@whack.org> recommended ntop
http://www.ntop.org/

Peter Wohlers <pedro@whack.org> also recommended Stager
http://software.uninett.no/stager/?page=docs

Steven Rakick <stevenrakick@yahoo.com> recommended nSight
http://www.obtuse.net/software/nsight

Tony Hacche <hacche@gmail.com> recommended Crannog's NetFlow Tracker
http://www.crannog-software.com/index.php?go=Product.ShowDetail&ProductID=1

Jared Mauch <jared@puck.nether.net> has a tool to detect and highlight ddos symptoms, but it does not have per-protocol sexy graphs. looks very useful for ddos detection, though

---

i am currently playing with nfdump/nfsen

randy
If one does not wanna use netflow, but ipaccounting, then this is also a nice solution...

http://ipacco.sourceforge.net/index.php

tom from munich/germany

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Randy Bush
Sent: Monday, 6 February 2006 09:25
To: nanog@nanog.org
Subject: Re: flow -> web

folk have asked me to summarize. so here it goes

"Justin M. Streiner" <streiner@cluebyfour.org> and Nicolas Strina <nicolas.strina@noc.ip-man.net> recommended the nfdump nfsen pair,
http://nfsen.sourceforge.net
http://nfdump.sourceforge.net

Chris Kuethe <chris.kuethe@gmail.com> and Peter Wohlers <pedro@whack.org> recommended ntop
http://www.ntop.org/

Peter Wohlers <pedro@whack.org> also recommended Stager
http://software.uninett.no/stager/?page=docs

Steven Rakick <stevenrakick@yahoo.com> recommended nSight
http://www.obtuse.net/software/nsight

Tony Hacche <hacche@gmail.com> recommended Crannog's NetFlow Tracker
http://www.crannog-software.com/index.php?go=Product.ShowDetail&ProductID=1

Jared Mauch <jared@puck.nether.net> has a tool to detect and highlight ddos symptoms, but it does not have per-protocol sexy graphs. looks very useful for ddos detection, though

---

i am currently playing with nfdump/nfsen

randy
participants (6)
- Justin M. Streiner
- Michael Loftis
- Peter Wohlers
- Randy Bush
- tom
- Yann Berthier