I haven't played with many GUI tools other than FlowBAT, which is very new, but I have been using SiLK at scale for some time now, and it's been very stable.
Since we run Security Onion, I've been using these instructions for installing SiLK/YAF and configuring rwflowpack: http://www.appliednsm.com/silk-on-security-onion/

(With the latest code version from CERT) it also works for collecting NetFlow data if you listen on the right ports.

I'm definitely going to look at FlowViewer as an alternative to our plan of getting the SiLK flow records into R and using a chart package.

While GUI tools are great, the command-line SiLK tools work very well if you want to know exactly which IPs a host has contacted, at what times, on which ports, and how much data was sent/received.

--Larry

On Sat, Jan 17, 2015 at 5:27 AM, Mathieu Simon (Lists) <[email protected]> wrote:

> Hi
>
> On 15.01.2015 at 17:08, [email protected] wrote:
>
> > I am particularly interested in GUI back-end.
>
> For a student project on the Uni's HPC cluster, co-students and I were
> also looking at first for such a tool and stumbled on FlowViewer, used
> and largely developed at NASA ESDIS:
> http://sourceforge.net/projects/flowviewer/
>
> FlowViewer was a beast to compile from source, but we made it run and it
> looked pretty good, including graphs, and had quite some documentation. Its
> collector side supports NetFlow 5, 9 and IPFIX. Back then when we looked
> at it, it looked promising but too big for our needs of a 1-semester
> project. If it had been for a serious deployment, we may have
> ended up with that.
>
> Because of our tight schedule and the excellent examples found in
> 'Network Flow Analysis' from the known BSD author Michael W. Lucas, we
> ended up filtering our NetFlow 5 data using good ol' flow-tools and
> plotting data with gnuplot for our final report.
>
> -- Mathieu
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
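Added example, not part of the original messages or of SiLK itself: a sketch of the per-host question raised above (which IPs a host contacted, when, on which ports, and how many bytes each way), answered from rwcut's pipe-delimited text output. The sample rows, the addresses, and the helper names `parse_rwcut` and `contacts` are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in rwcut's text layout (pipe-delimited, trailing '|').
# Assumed to come from something like:
#   rwfilter --type=all --start-date=2015/01/17 --any-address=192.0.2.10 \
#       --pass=stdout | rwcut --fields=sip,dip,sport,dport,protocol,bytes,stime
SAMPLE = """\
            sIP|            dIP|sPort|dPort|pro|     bytes|                  sTime|
     192.0.2.10|   198.51.100.7|51514|  443|  6|      4200|2015/01/17T09:00:01.120|
   198.51.100.7|     192.0.2.10|  443|51514|  6|     88000|2015/01/17T09:00:01.180|
     192.0.2.10|    203.0.113.9|40022|   53| 17|        74|2015/01/17T09:05:10.000|
    203.0.113.9|     192.0.2.10|   53|40022| 17|       190|2015/01/17T09:05:10.030|
     192.0.2.10|   198.51.100.7|51600|  443|  6|      1500|2015/01/17T11:30:00.500|
     192.0.2.50|   198.51.100.7|50000|   80|  6|       900|2015/01/17T11:31:00.000|
"""
TIME_FMT = "%Y/%m/%dT%H:%M:%S.%f"

def parse_rwcut(text):
    """Yield one dict per flow record, keyed by the column titles in the header."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    names = [c.strip() for c in lines[0].rstrip("|").split("|")]
    for line in lines[1:]:
        cells = [c.strip() for c in line.rstrip("|").split("|")]
        if len(cells) == len(names):  # skip truncated or malformed rows
            yield dict(zip(names, cells))

def contacts(text, host):
    """Summarize every peer of `host`: peer-side ports, bytes each way, time span."""
    peers = defaultdict(lambda: {"ports": set(), "sent": 0, "received": 0,
                                 "first": None, "last": None})
    for r in parse_rwcut(text):
        if r["sIP"] == host:      # flow leaving the host
            peer, port, direction = r["dIP"], r["dPort"], "sent"
        elif r["dIP"] == host:    # reverse flow coming back to the host
            peer, port, direction = r["sIP"], r["sPort"], "received"
        else:
            continue
        when = datetime.strptime(r["sTime"], TIME_FMT)
        p = peers[peer]
        p["ports"].add((int(r["pro"]), int(port)))  # (IP protocol, peer's port)
        p[direction] += int(r["bytes"])
        p["first"] = when if p["first"] is None else min(p["first"], when)
        p["last"] = when if p["last"] is None else max(p["last"], when)
    return dict(peers)

if __name__ == "__main__":
    for peer, s in sorted(contacts(SAMPLE, "192.0.2.10").items()):
        print(peer, sorted(s["ports"]), s["sent"], s["received"], s["first"], s["last"])
```

The port recorded is always the peer's side of the flow, so when the host under investigation is itself the server the set will hold the clients' ephemeral ports.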
