On Thu, 2015-01-15 at 17:08 +0100, [email protected] wrote:
> Hello,
>
> I would like to know which flow-tools you are using in conjunction with
> pfflowd / netflow.
>
> I am particularly interested in a GUI back-end.
>
> If you have any good pointers, that would really be helpful.
>
> Sincerely yours.
Softflowd -> Logstash receiver -> Redis -> Logstash indexer -> Elasticsearch -> Kibana

Logstash has a Netflow input, and then I use the GeoIP and DNS filters to augment the data; finally, in Kibana I plot the flows on a map from the GeoIP.

That single report has told me an awful lot. For example, someone came to our office and had an SSL VPN of some sort; they also use an external web proxy. Before they fired up the VPN their flows were going through European IPs. As soon as the VPN was started, their 443/tcp flows instantly switched to the US. When the VPN was shut down it moved back to Europe. Coincidence - perhaps. I couldn't do much more testing in the time available.

Cheers
Jon
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
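A concrete pair of Logstash pipeline files for the chain Jon describes (softflowd -> receiver -> Redis -> indexer -> Elasticsearch), written as an added example rather than taken from Jon's setup or from the pfSense project. The collector address 10.0.0.2, UDP port 2055, the Redis list key "netflow", and the 127.0.0.1 service addresses are assumptions; so are the version-specific option names flagged in the comments (`hosts =>` on the elasticsearch output, the dns filter cache sizes). The flow field names under `[netflow]` are those the Logstash netflow codec emits for NetFlow v5.

```conf
# ---- logstash-receiver.conf ----
# Runs on the collector. softflowd exports NetFlow v5/v9 over UDP to it.
input {
  udp {
    host  => "10.0.0.2"   # assumption: the collector's internal address. Bind here,
    port  => 2055         # not 0.0.0.0: the export is plain unauthenticated UDP, so
    codec => netflow {    # anything that can reach the socket can inject fake flows.
      versions => [5, 9]
    }
  }
}

# The receiver does no enrichment; it only buffers into Redis so that a slow
# indexer (reverse DNS lookups!) cannot make the UDP socket drop flow packets.
output {
  redis {
    host      => "127.0.0.1"   # assumption: Redis on the same host, loopback only
    data_type => "list"
    key       => "netflow"     # assumption: list name shared with the indexer
  }
}

# ---- logstash-indexer.conf ----
input {
  redis {
    host      => "127.0.0.1"
    data_type => "list"
    key       => "netflow"
  }
}

filter {
  # The netflow codec nests each record under [netflow]; for v5 the fields are
  # ipv4_src_addr, ipv4_dst_addr, l4_src_port, l4_dst_port, protocol, in_bytes, ...
  # GeoIP the destination into the default [geoip] target: the stock logstash-*
  # index template maps geoip.location as geo_point, which is what the Kibana
  # map needs. Private destinations get a _geoip_lookup_failure tag and no location.
  geoip {
    source => "[netflow][ipv4_dst_addr]"
  }

  # Reverse-resolve the destination. Copy the IP into its own field first,
  # because the dns filter overwrites the field it is pointed at.
  mutate {
    add_field => { "dst_host" => "%{[netflow][ipv4_dst_addr]}" }
  }
  dns {
    reverse           => ["dst_host"]
    action            => "replace"
    hit_cache_size    => 10000   # assumption: a dns filter version with caching;
    failed_cache_size => 10000   # without it every flow costs a PTR round-trip
  }

  # Flat copies so Kibana queries read as dst_port:443 rather than a nested path.
  mutate {
    add_field => {
      "src_ip"   => "%{[netflow][ipv4_src_addr]}"
      "dst_port" => "%{[netflow][l4_dst_port]}"
    }
  }
}

output {
  # Index name left at the default (logstash-YYYY.MM.dd) so the bundled
  # template, and with it the geo_point mapping, applies.
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]   # assumption: 2.x+ option; 1.x spelled it host =>
  }
}
```

Start the two pipelines as `logstash -f logstash-receiver.conf` and `logstash -f logstash-indexer.conf`; in Kibana, a map visualisation on `geoip.location` filtered to `dst_port:443` and split by `src_ip` is the report Jon describes, and it is what makes a single workstation's 443/tcp destinations visibly jump from one region to another when a VPN comes up. Two practitioner caveats: softflowd exports are unauthenticated, so the UDP collector must be reachable only from the exporting firewall, and the Redis queue is the only thing between a burst of flows and packet loss, so watch its list length rather than assuming every flow made it to Elasticsearch.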
