On 18/08/2021 09:45, Peter Haag wrote:
nfsen is *very* old code, and actually I wanted to rewrite a new version, which
got delayed and finally aborted for a number of reasons.
I could consider to give it a go again, but I am still uncertain if it would
still be used these days. Feedback would be appreciated.
If there would be a new NfSen incarnation, I would write it in Golang as it
provides far more flexibility and speed. I am not a exceptionally gifted
GUI/Web developer - maybe someone would be willing to support. However, also
for a new NfSen, I could prefer KISS
- easy of use and - hopefully - fast.
A maintained replacement for NFSen would be extremely welcome!
I see two aspects to this:
1. the web UI for selecting time ranges and drilling down to netflow queries
2. the creation and storage of graphs of flow data (i.e. summaries by
protocol, and user-defined channels)
As regards (1): whilst the UI of NFSen is very much web-1.0, it is
straightforward, practical and usable in real world scenarios.
Attempts to "modernise" the UI, as in nfsen-ng, have made it unusable.
Just try selecting time ranges: things zoom horizontally, making it very
difficult to change to a wider time range. In my opinion, it's a
complete fail. Selecting time ranges is the main /raison d'être/ of NFSen.
As regards (2): I would be very happy to see rrdtool dropped entirely
and replaced by something modern, like Prometheus. This could be very
simple to implement: the nfsen backend simply filters and counts flow
records, and exposes the counters as prometheus metrics. Then
prometheus scrapes them. This could be done at a finer granularity than
today, e.g. 1 minute or better. (In fact, since prometheus considers
timeseries "stale" after 5 minutes of no data, it's recommended that you
scrape *at least* every 2 minutes. And the cost of doing so is much
lower than rrdtool). Apart from being efficient and scalable, the
Prometheus ecosystem opens up a whole range of possibilities around
dashboards and alerting - and it means there's no need to re-implement
alerts in NFSen.
nfsen-ng missed this opportunity too.
Regards,
Brian.
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
