oss netflow collector/trending/analysis

Hey There,

I was just wondering, for people who are doing netflow analysis with
open source tools and who are doing at least 10k or more flows per
second, what are you using?

I know of three tool sets:

- The classic osu flow-tools and the modern continuation/fork.
- ntop
- nfdump/nfsen

Is there anything else I've missed? A few folks here really seem to like
nfsen/nfdump.

Thanks,

Matt

The good thing about nfdump/nfsen is that you can customize it and do a lot with it, and it's easy to get set up and running.

This is the canonical list of open-source NetFlow tools:

<http://www.switch.ch/network/projects/completed/TF-NGN/floma/software.html>

[..]

Is there anything else I've missed? A few folks here really seem to like
nfsen/nfdump.

For OSS that is pretty much it that really matters (maybe you could add
Argus if you really want though).

For a long long list, check out Simon Leinen's site:
https://www.switch.ch/network/projects/completed/TF-NGN/floma/software.html

Not all of that is OSS though. Lots of these netflow-analyzer tools are
in-house / a bunch-of-scripts-upon-scripts that are too scary to let out
in the open and/or do not scale...

IMHO your best bet is to use nfsen/nfdump as that is the best thing
publicly available.

Greets,
Jeroen

Hi Matt,

I've been using pmacct for quite some time now and I'm more than happy with
the results.

Being able to store all info in a *SQL db is a killer feature for me.

Also it can speak BGP with your routers so it can grab the AS Path
information, which allows us, for example, to make traffic graphs for a
destination AS aggregated by AS Path (one of my favorite features I had
with the Arbor peakflow in my previous company).

Pierre-Yves