flow -> web

i have a few routers of various flavors spewing netflow data.
currently i use flowtools, and get text reports via email.
but they're soooo 20th century.

what will accept flow data from the routers and give me a sexy
web page or two showing the elephant apps and sites? has to
be in freebsd ports tree, as i don't have much time to spend
on this.

randy

nfsen (http://nfsen.sourceforge.net) and nfdump (http://nfdump.sourceforge.net) look like a decent stab at what you want. nfdump is the data collector and nfsen is the sexy-web-page-maker. I don't know if it's in the freebsd ports tree though...

jms

Justin M. Streiner wrote:

i have a few routers of various flavors spewing netflow data.
currently i use flowtools, and get text reports via email.
but they're soooo 20th century.

what will accept flow data from the routers and give me a sexy
web page or two showing the elephant apps and sites? has to
be in freebsd ports tree, as i don't have much time to spend
on this.

ntop off the cuff. In the ports tree.

Stager looks interesting too, not in the ports tree but had FreeBSD specific
documentation:

http://software.uninett.no/stager/?page=docs

--Peter

Never did like ntop, always used a lot of memory, and has never been stable. Also no history, just 'current'.

Hello,

folk have asked me to summarize. so here it goes

"Justin M. Streiner" <streiner@cluebyfour.org> and Nicolas Strina
<nicolas.strina@noc.ip-man.net> recommended the nfdump nfsen pair,

    http://nfsen.sourceforge.net
    http://nfdump.sourceforge.net

Chris Kuethe <chris.kuethe@gmail.com> and Peter Wohlers
<pedro@whack.org> recommended ntop

    http://www.ntop.org/

Peter Wohlers <pedro@whack.org> also recommended Stager

    http://software.uninett.no/stager/?page=docs

Steven Rakick <stevenrakick@yahoo.com> recommended nSight

    http://www.obtuse.net/software/nsight

Tony Hacche <hacche@gmail.com> recommended Crannog's NetFlow
Tracker

    http://www.crannog-software.com/index.php?go=Product.ShowDetail&ProductID=1

Jared Mauch <jared@puck.nether.net> has a tool to detect and
highlight ddos symptoms, but it does not have per-protocol sexy
graphs. looks very useful for ddos detection, though

If one does not wanna use netflow, but ipaccounting, then this is a also a
nice solution...
http://ipacco.sourceforge.net/index.php

tom from munich/germany

-----Urspr�ngliche Nachricht-----