I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.

Thanks in advance.

Dennis Burgess, Mikrotik Certified Trainer
Author of "Learn RouterOS- Second Edition"
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270 Website: http://www.linktechs.net
Create Wireless Coverage's with www.towercoverage.com
Fastnetmon has that: https://fastnetmon.com/fastnetmon-advanced-traffic-persistency/
I used it for such purposes.

On 2019-05-17 17:26, Dennis Burgess via NANOG wrote:
> I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
> Thanks in advance.
* nanog@nanog.org (Dennis Burgess via NANOG) [Fri 17 May 2019, 16:25 CEST]:
> I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
It sounds like https://blog.apnic.net/2017/01/26/traffic-analysis-better-peering/ would be right up your alley.

-- Niels.
Been loving Elastiflow. Way overkill for what you need, but it's actually pretty easy to setup.
https://github.com/robcowart/elastiflow

On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG <nanog@nanog.org> wrote:
> I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
> Thanks in advance.
Also was a favourite last time this discussion popped up (in recent memory): https://mailman.nanog.org/pipermail/nanog/2018-March/094490.html

--
Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com
pgp key: B178313E | also on Signal

On Fri 2019-May-17 21:19:02 -0700, Crist Clark <cjc+nanog@pumpky.net> wrote:
> Been loving Elastiflow. Way overkill for what you need, but it's actually pretty easy to setup.
> https://github.com/robcowart/elastiflow
> On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG <nanog@nanog.org> wrote:
>> I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
>> Thanks in advance.
+1 for ElastiFlow

But make sure to clear the indexes, as it wasn't included with the project, when we installed ours. Here's our solution that deletes them after 90 days.

----- Crontab
0 12 * * * (cd /usr/local/<your corp>/scripts; ./<your corp>_elastiflow_prune.sh) > /dev/null 2>&1

----- Content of the *_prune.sh for Linux
#!/bin/csh -f
# Current time and the time 90 days ago, in epoch seconds
set d_current=`date "+%s"`
set d_90=`expr ${d_current} - \( 90 \* 24 \* 60 \* 60 \)`
# Date suffix (YYYY.MM.DD) of the daily index that is now 90 days old
set idx=`date -d @${d_90} "+%Y.%m.%d"`
# Delete that one daily index
curl -XDELETE "http://localhost:9200/elastiflow-${idx}"
-----

Alain Hebert ahebert@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443

On 2019-05-18 00:19, Crist Clark wrote:
> Been loving Elastiflow. Way overkill for what you need, but it's actually pretty easy to setup.
> https://github.com/robcowart/elastiflow
> On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG <nanog@nanog.org> wrote:
>> I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
>> Thanks in advance.
The last time I looked, ElastiFlow didn't accept a BGP session to learn ASes. Has that changed?

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com

----- Original Message -----
From: "Crist Clark" <cjc+nanog@pumpky.net>
To: "Dennis Burgess" <dmburgess@linktechs.net>
Cc: nanog@nanog.org
Sent: Friday, May 17, 2019 11:19:02 PM
Subject: Re: Free Program to take netflow

Been loving Elastiflow. Way overkill for what you need, but it's actually pretty easy to setup.
https://github.com/robcowart/elastiflow

On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG <nanog@nanog.org> wrote:
> I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
> Thanks in advance.
nProbe as well. I was just checking if the setup was made simpler.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com

----- Original Message -----
From: "Niels Bakker" <niels=nanog@bakker.net>
To: nanog@nanog.org
Sent: Wednesday, May 22, 2019 8:34:49 AM
Subject: Re: Free Program to take netflow

* nanog@ics-il.net (Mike Hammett) [Wed 22 May 2019, 14:40 CEST]:
> The last time I looked, ElastiFlow didn't accept a BGP session to learn ASes. Has that changed?

You can put pmacct in between to alleviate this.

-- Niels.
I loved using ElastiFlow, but we didn’t quite work out in the end. Here’s my $0.02 -

- ElastiFlow setup is easy-ish.
- ELK setup is easy-ish.
- Scaling ELK is not easy unless you know what you’re doing.

If you’ve got enough flows that you need to scale ELK, you’re probably also using multiple flow exporters, at which point this[1] could bite you and if ELK scaling was hard for you, dealing with this might not be trivial until Rob decides how best to bake a fix into EF.

I learned ELK because I wanted to use EF, but I only learned enough about ELK to get me by. Having to also learn about REDIS and having to learn more about ELK to make it work with REDIS and EF was a show stopper; I just didn’t have the time.

[1] https://github.com/robcowart/elastiflow/issues/205
On May 18, 2019, at 12:19 AM, Crist Clark <cjc+nanog@pumpky.net> wrote:
> Been loving Elastiflow. Way overkill for what you need, but it's actually pretty easy to setup.
> https://github.com/robcowart/elastiflow
> On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG <nanog@nanog.org> wrote:
>> I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
>> Thanks in advance.
Dennis,

You might try FlowViewer https://sourceforge.net/projects/flowviewer

Fairly easy Linux install over top of SiLK, netflow capture and analysis software from Carnegie-Mellon. SiLK is very robust and FlowViewer provides a web-based interface with extensive analysis, graphing and tracking tools. Filtering includes by AS. You can create an MRTG-like set of long-term graphs for each AS and as a group of top 10 ASes (Last 24 Hours, 7 Days, 4 Weeks, 3 Years.)

Best,
Joe

On 5/17/2019 10:26 AM, Dennis Burgess via NANOG wrote:
> I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
> Thanks in advance.
ES, Kibana, pmacct and some glue (JSON to ES batching) ... and of course a lot of time and resources (e.g. h/w).

Cheers
Chris

On Sat 18. May 2019 at 18:04, Joe Loiacono <jloiacon@gmail.com> wrote:
> Dennis,
> You might try FlowViewer https://sourceforge.net/projects/flowviewer
> Fairly easy Linux install over top of SiLK, netflow capture and analysis software from Carnegie-Mellon. SiLK is very robust and FlowViewer provides a web-based interface with extensive analysis, graphing and tracking tools. Filtering includes by AS. You can create an MRTG-like set of long-term graphs for each AS and as a group of top 10 ASes (Last 24 Hours, 7 Days, 4 Weeks, 3 Years.)
> Best,
> Joe
> On 5/17/2019 10:26 AM, Dennis Burgess via NANOG wrote:
>> I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
>> Thanks in advance.
Please let me clarify. Currently the Netflow data that this customer is sending does NOT supply AS information. So I need something to generate that AS data and display. The goal is to figure out where we need to peer next. Where the top traffic is coming in from (what AS) on our paid transit.

Dennis Burgess,

From: NANOG <nanog-bounces@nanog.org> On Behalf Of Dennis Burgess via NANOG
Sent: Friday, May 17, 2019 9:27 AM
To: nanog@nanog.org
Subject: Free Program to take netflow

I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.

Thanks in advance.

Dennis Burgess
Check out AS-Stats[1], with perl-ip2as

[1] https://github.com/manuelkasper/AS-Stats

On 05/20/2019 03:36 PM, Dennis Burgess via NANOG wrote:
> Please let me clarify. Currently the Netflow data that this customer is sending does NOT supply AS information. So I need something to generate that AS data and display. The goal is to figure out where we need to peer next. Where the top traffic is coming in from (what AS) on our paid transit.
> Dennis Burgess,
> From: NANOG <nanog-bounces@nanog.org> On Behalf Of Dennis Burgess via NANOG
> Sent: Friday, May 17, 2019 9:27 AM
> To: nanog@nanog.org
> Subject: Free Program to take netflow
> I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
> Thanks in advance.
> Dennis Burgess
It specifically states it uses AS data from the netflow source. I don't have that ☹

FROM website: collects NetFlow v8/v9 AS aggregation records

Dennis Burgess,

-----Original Message-----
From: NANOG <nanog-bounces@nanog.org> On Behalf Of nanog@jack.fr.eu.org
Sent: Monday, May 20, 2019 8:43 AM
To: nanog@nanog.org
Subject: Re: Free Program to take netflow

Check out AS-Stats[1], with perl-ip2as

[1] https://github.com/manuelkasper/AS-Stats

On 05/20/2019 03:36 PM, Dennis Burgess via NANOG wrote:
> Please let me clarify. Currently the Netflow data that this customer is sending does NOT supply AS information. So I need something to generate that AS data and display. The goal is to figure out where we need to peer next. Where the top traffic is coming in from (what AS) on our paid transit.
> Dennis Burgess,
> From: NANOG <nanog-bounces@nanog.org> On Behalf Of Dennis Burgess via NANOG
> Sent: Friday, May 17, 2019 9:27 AM
> To: nanog@nanog.org
> Subject: Free Program to take netflow
> I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.
> Thanks in advance.
> Dennis Burgess
I've done that a couple ways. I've used a nProbe license to add the ASN information in. There are other utilities that do this, but I forgot what they are.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com

----- Original Message -----
From: "Dennis Burgess via NANOG" <nanog@nanog.org>
To: nanog@nanog.org
Sent: Monday, May 20, 2019 8:36:47 AM
Subject: RE: Free Program to take netflow

Please let me clarify. Currently the Netflow data that this customer is sending does NOT supply AS information. So I need something to generate that AS data and display. The goal is to figure out where we need to peer next. Where the top traffic is coming in from (what AS) on our paid transit.

Dennis Burgess,

From: NANOG <nanog-bounces@nanog.org> On Behalf Of Dennis Burgess via NANOG
Sent: Friday, May 17, 2019 9:27 AM
To: nanog@nanog.org
Subject: Free Program to take netflow

I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are. Something that we can look at every once in a while, and/or spin up and get data then shut down. Just have two ports need netflow from currently.

Thanks in advance.

Dennis Burgess
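
The enrichment step discussed in the thread (flow records that carry no AS fields, top remote ASes wanted per direction), as an added example that is not from any poster or from the tools named above. The prefix table, local prefix, ASNs and flow tuples are constructed; a real prefix-to-origin-AS table is assumed to come from a BGP feed or a routing table dump.

```python
import ipaddress
from collections import Counter

PREFIX_TO_ASN = {  # constructed sample: documentation prefixes and ASNs
    "198.51.100.0/24": 64496,
    "203.0.113.0/24": 64497,
    "203.0.113.128/25": 64498,  # more-specific route, must win over the /24
    "2001:db8::/32": 64499,
}
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # stands in for "my AS"
FLOWS = [  # constructed (src, dst, bytes) tuples, as decoded from flows without AS fields
    ("198.51.100.10", "192.0.2.5", 5000),
    ("203.0.113.200", "192.0.2.5", 9000),
    ("203.0.113.20", "192.0.2.9", 1000),
    ("100.64.0.1", "192.0.2.5", 300),  # no covering prefix in the table
    ("192.0.2.5", "198.51.100.77", 700),
]

def build_table(prefix_map):
    """Index prefixes by (IP version, prefix length) for longest-prefix match."""
    table = {}
    for prefix, asn in prefix_map.items():
        net = ipaddress.ip_network(prefix)
        table.setdefault((net.version, net.prefixlen), {})[int(net.network_address)] = asn
    return table

def origin_asn(table, addr):
    """Return the ASN of the longest matching prefix, or None if uncovered."""
    ip = ipaddress.ip_address(addr)
    bits = ip.max_prefixlen
    for plen in range(bits, -1, -1):  # most specific length first
        nets = table.get((ip.version, plen))
        if nets:
            masked = (int(ip) >> (bits - plen)) << (bits - plen)
            if masked in nets:
                return nets[masked]
    return None

def top_ases(flows, table, local_nets, n=3):
    """Sum bytes per remote AS; returns (top inbound sources, top outbound destinations)."""
    inbound, outbound = Counter(), Counter()
    for src, dst, nbytes in flows:
        src_local = any(ipaddress.ip_address(src) in net for net in local_nets)
        dst_local = any(ipaddress.ip_address(dst) in net for net in local_nets)
        if dst_local and not src_local:
            inbound[origin_asn(table, src)] += nbytes
        elif src_local and not dst_local:
            outbound[origin_asn(table, dst)] += nbytes
    return inbound.most_common(n), outbound.most_common(n)
```

Traffic with no covering prefix is counted under None rather than dropped, so a stale or partial prefix table shows up in the totals.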
participants (11)
- Alain Hebert
- Christian Meutes
- Crist Clark
- Dennis Burgess
- Denys Fedoryshchenko
- Hugo Slabbert
- Jason Lixfeld
- Joe Loiacono
- Mike Hammett
- nanog@jack.fr.eu.org
- Niels Bakker