Hey There,

I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?

I know of three tool sets:

- The classic osu flow-tools and the modern continuation/fork.
- ntop
- nfdump/nfsen

Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.

Thanks,

Matt

--
Matthew Galgoci
Network Operations
Red Hat, Inc
919.754.3700 x44155

------------------------------

“Whatever you do will be insignificant, but it is very important that you do it.” -- Mahatma Gandhi
On May 2, 2014, at 9:36 PM, Matthew Galgoci <mgalgoci@redhat.com> wrote:
A few folks here really seem to like nfsen/nfdump.
The good thing about nfdump/nfsen is that you can customize it and do a lot with it, and it's easy to get set up and running.

This is the canonical list of open-source NetFlow tools:

<http://www.switch.ch/network/projects/completed/TF-NGN/floma/software.html>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

Luck is the residue of opportunity and design.

-- John Milton
On 2014-05-02 16:36, Matthew Galgoci wrote: [..]
Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.
For OSS that is pretty much it that really matters (maybe you could add Argus if you really want though).

For a long long list, check out Simon Leinen's site:

https://www.switch.ch/network/projects/completed/TF-NGN/floma/software.html

Not all of that is OSS though.

Lots of these netflow-analyzer tools are in-house / a bunch-of-scripts-upon-scripts that are too scary to let out in the open and/or do not scale...

IMHO your best bet is to use nfsen/nfdump as that is the best thing publicly available.

Greets,

Jeroen
2014-05-02 16:36 GMT+02:00 Matthew Galgoci <mgalgoci@redhat.com>:
Hey There,
I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?
I know of three tool sets:
- The classic osu flow-tools and the modern continuation/fork.
- ntop
- nfdump/nfsen
Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.
Thanks,
Matt
Hi Matt,

I've been using pmacct for quite some time now and I'm more than happy with the results.

Being able to store all the info in a *SQL db is a killer feature for me. Also, it can speak BGP with your routers, so it can grab the AS Path information, which allows us, for example, to make traffic graphs for a destination AS aggregated by AS Path (one of my favorite features I had with the Arbor Peakflow in my previous company).

Pierre-Yves
participants (4)

- Dobbins, Roland
- Jeroen Massar
- Matthew Galgoci
- Pierre-Yves Maunier