[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Spiffy Netflow tools?

There is also https://github.com/robcowart/elastiflow which uses the ELK stack.

Luke Guillory
Vice President â?? Technology and Innovation

Tel:    985.536.1212
Fax:    985.536.0300
Email:  lguillory at reservetele.com

Reserve Telecommunications
100 RTC Dr
Reserve, LA 70084


The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material which should not disseminate, distribute or be copied. Please notify Luke Guillory immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Luke Guillory therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. .

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Hugo Slabbert
Sent: Tuesday, March 13, 2018 10:44 AM
To: Fredrik Korsbäck
Cc: nanog at nanog.org
Subject: Re: Spiffy Netflow tools?

On Tue 2018-Mar-13 00:50:26 +0100, Fredrik Korsbäck <hugge at nordu.net> wrote:
>Kentik is probably top of the foodchain right now.
>But they are certainly not alone in the biz. Ontop of my head...
>* Flowmon
>* Talaia
>* Arbor Peakflow
>* Deepfield
>* Pmacct + supporting toolkit
>* NFsen/Nfdump/AS-stats
>* Put kibana/ES infront of any collector

Logstash has a netflow plugin as of 5.x or something
(https://www.elastic.co/guide/en/logstash/current/netflow-module.html) to act as a collector.

A walkthrough:

Using the logstash module setup thing adds a whole bunch of pretty netflow graphs and visualizations and such into Kibana for you.

Supports netflow v5 and v9, but does not indicate support for IPFIX explicitly.  It definitely does not support sFlow, though if you really want you can stick sflowtool in front of it to translate sFlow->netflow, e.g. http://blog.sflow.com/2011/12/sflowtool.html.

>* Solarwinds something something
>* Different vendor toolkits

Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
pgp key: B178313E   | also on Signal