Re: oss netflow collector/trending/analysis
There's also SiLK from CMU. It's powerful but has a learning curve. I also see pmacct being used both by some end networks and by some vendors as part of systems. Avi
Hey There,
I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?
I know of three tool sets:
- The classic osu flow-tools and the modern continuation/fork. - ntop - nfdump/nfsen
Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.
Thanks,
Matt
pmacct (http://www.pmacct.net/) is another pretty awesome open source tool. Leslie On Fri, May 2, 2014 at 8:00 AM, Avi Freedman <freedman@freedman.net> wrote:
There's also SiLK from CMU. It's powerful but has a learning curve.
I also see pmacct being used both by some end networks and by some vendors as part of systems.
Avi
Hey There,
I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?
I know of three tool sets:
- The classic osu flow-tools and the modern continuation/fork. - ntop - nfdump/nfsen
Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.
Thanks,
Matt
Argus (qosient.com) is worth looking at. Dave Edelman
On May 2, 2014, at 12:21, Leslie <geekgirl@gmail.com> wrote:
pmacct (http://www.pmacct.net/) is another pretty awesome open source tool.
Leslie
On Fri, May 2, 2014 at 8:00 AM, Avi Freedman <freedman@freedman.net> wrote:
There's also SiLK from CMU. It's powerful but has a learning curve.
I also see pmacct being used both by some end networks and by some vendors as part of systems.
Avi
Hey There,
I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?
I know of three tool sets:
- The classic osu flow-tools and the modern continuation/fork. - ntop - nfdump/nfsen
Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.
Thanks,
Matt
Ntop is somehow open source if I recall. Seemed to work well and was fairly cheap to license. Sent from my T-Mobile 4G LTE Device -------- Original message -------- From: David Edelman <dedelman@iname.com> Date: 05/04/2014 11:05 AM (GMT-07:00) To: Leslie <geekgirl@gmail.com> Cc: nanog@nanog.org Subject: Re: oss netflow collector/trending/analysis Argus (qosient.com) is worth looking at. Dave Edelman
On May 2, 2014, at 12:21, Leslie <geekgirl@gmail.com> wrote:
pmacct (http://www.pmacct.net/) is another pretty awesome open source tool.
Leslie
On Fri, May 2, 2014 at 8:00 AM, Avi Freedman <freedman@freedman.net> wrote:
There's also SiLK from CMU. It's powerful but has a learning curve.
I also see pmacct being used both by some end networks and by some vendors as part of systems.
Avi
Hey There,
I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?
I know of three tool sets:
- The classic osu flow-tools and the modern continuation/fork. - ntop - nfdump/nfsen
Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.
Thanks,
Matt
"NANOG" <nanog-bounces+jloiacon=csc.com@nanog.org> wrote on 05/02/2014 11:00:15 AM:
From: freedman@freedman.net (Avi Freedman)
There's also SiLK from CMU. It's powerful but has a learning curve.
SiLK is very good. See FlowViewer for a powerful front-end to the tool. http://sourceforge.net/projects/flowviewer/ Also supports flow-tools. Joe
participants (5)
-
David Edelman -
freedman@freedman.net -
Joe Loiacono -
Leslie -
Warren Bailey