[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Spiffy Netflow tools?
+1 for ElastiFlow. Couldn't be easier to set up and run. Logstash has
native support for netflow and sflow now via codecs. Kibana is an
easy-to-use dashboard. I trimmed out a bunch of stuff in the ElastiFlow
config that assumed a unidirectional network (like a corporate site).
On Tue, Mar 13, 2018 at 8:48 AM, Luke Guillory <lguillory at reservetele.com>
> There is also https://github.com/robcowart/elastiflow which uses the ELK
> Luke Guillory
> Vice President â?? Technology and Innovation
> Tel: 985.536.1212
> Fax: 985.536.0300
> Email: lguillory at reservetele.com
> Reserve Telecommunications
> 100 RTC Dr
> Reserve, LA 70084
> The information transmitted, including attachments, is intended only for
> the person(s) or entity to which it is addressed and may contain
> confidential and/or privileged material which should not disseminate,
> distribute or be copied. Please notify Luke Guillory immediately by e-mail
> if you have received this e-mail by mistake and delete this e-mail from
> your system. E-mail transmission cannot be guaranteed to be secure or
> error-free as information could be intercepted, corrupted, lost, destroyed,
> arrive late or incomplete, or contain viruses. Luke Guillory therefore does
> not accept liability for any errors or omissions in the contents of this
> message, which arise as a result of e-mail transmission. .
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Hugo Slabbert
> Sent: Tuesday, March 13, 2018 10:44 AM
> To: Fredrik KorsbÃ¤ck
> Cc: nanog at nanog.org
> Subject: Re: Spiffy Netflow tools?
> On Tue 2018-Mar-13 00:50:26 +0100, Fredrik KorsbÃ¤ck <hugge at nordu.net>
> >Kentik is probably top of the foodchain right now.
> >But they are certainly not alone in the biz. Ontop of my head...
> >* Flowmon
> >* Talaia
> >* Arbor Peakflow
> >* Deepfield
> >* Pmacct + supporting toolkit
> >* NFsen/Nfdump/AS-stats
> >* Put kibana/ES infront of any collector
> Logstash has a netflow plugin as of 5.x or something
> (https://www.elastic.co/guide/en/logstash/current/netflow-module.html) to
> act as a collector.
> A walkthrough:
> Using the logstash module setup thing adds a whole bunch of pretty netflow
> graphs and visualizations and such into Kibana for you.
> Supports netflow v5 and v9, but does not indicate support for IPFIX
> explicitly. It definitely does not support sFlow, though if you really
> want you can stick sflowtool in front of it to translate sFlow->netflow,
> e.g. http://blog.sflow.com/2011/12/sflowtool.html.
> >* Solarwinds something something
> >* Different vendor toolkits
> Hugo Slabbert | email, xmpp/jabber: hugo at slabnet.com
> pgp key: B178313E | also on Signal