Hi Jason -

> Message: 3
>
> I am fairly new to analyzing netflow data and was wondering if anyone
> could offer some suggestions. We are currently sending exports from a
> cisco router to an instance of flow-capture which is storing it for
> later retrieval. I would like to have a system that will store the
> data like it always has, but then also send a copy of the same data to
> another server where it would be stored in a MySQL DB. Then, I would
> like to be able to have graphs created from the DB data, as well as
> being able to perform some analysis to detect traffic anomalies.

To do this without driving yourself insane, I'd suggest JKFlow (http://jkflow.sourceforge.net) and a web front-end to flow-tools (flow-report, flow-nfilter, etc.). I'll send you a few screenshots out of our system off-list so you can get a feel for what you can get with a little careful hackery.

We had attempted to store our flow data in a database - it worked great in a test environment, but quickly became time- and space-prohibitive when we started throwing production flow data at it (bottom line: You can have fast inserts or fast selects, but you can't get both). A database may be suitable for storing aggregated data, but probably won't hold up well if you're capturing individual flows for detailed analysis.

I'm currently working on ways to automate analysis of the RRD files generated for JKFlow - we don't have anything usable yet, but hopefully soon :).

-MG

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
