Re: oss netflow collector/trending/analysis
Argus (qosient.com) is worth looking at.

Dave Edelman

On May 2, 2014, at 12:21, Leslie geekg...@gmail.com wrote:

pmacct (http://www.pmacct.net/) is another pretty awesome open source tool.

Leslie

On Fri, May 2, 2014 at 8:00 AM, Avi Freedman freed...@freedman.net wrote:

There's also SiLK from CMU. It's powerful but has a learning curve.

I also see pmacct being used both by some end networks and by some vendors as part of systems.

Avi

Hey There,

I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?

I know of three tool sets:

- The classic osu flow-tools and the modern continuation/fork.
- ntop
- nfdump/nfsen

Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.

Thanks,
Matt
Re: oss netflow collector/trending/analysis
Ntop is somehow open source if I recall. Seemed to work well and was fairly cheap to license.

Sent from my T-Mobile 4G LTE Device

Original message
From: David Edelman dedel...@iname.com
Date: 05/04/2014 11:05 AM (GMT-07:00)
To: Leslie geekg...@gmail.com
Cc: nanog@nanog.org
Subject: Re: oss netflow collector/trending/analysis

Argus (qosient.com) is worth looking at.

Dave Edelman

On May 2, 2014, at 12:21, Leslie geekg...@gmail.com wrote:

pmacct (http://www.pmacct.net/) is another pretty awesome open source tool.

Leslie

On Fri, May 2, 2014 at 8:00 AM, Avi Freedman freed...@freedman.net wrote:

There's also SiLK from CMU. It's powerful but has a learning curve.

I also see pmacct being used both by some end networks and by some vendors as part of systems.

Avi

Hey There,

I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?

I know of three tool sets:

- The classic osu flow-tools and the modern continuation/fork.
- ntop
- nfdump/nfsen

Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.

Thanks,
Matt
oss netflow collector/trending/analysis
Hey There,

I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?

I know of three tool sets:

- The classic osu flow-tools and the modern continuation/fork.
- ntop
- nfdump/nfsen

Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.

Thanks,
Matt

--
Matthew Galgoci
Network Operations
Red Hat, Inc
919.754.3700 x44155

“Whatever you do will be insignificant, but it is very important that you do it.” -- Mahatma Gandhi
Re: oss netflow collector/trending/analysis
On May 2, 2014, at 9:36 PM, Matthew Galgoci mgalg...@redhat.com wrote:

A few folks here really seem to like nfsen/nfdump.

The good thing about nfdump/nfsen is that you can customize it and do a lot with it, and it's easy to get set up and running.

This is the canonical list of open-source NetFlow tools:

http://www.switch.ch/network/projects/completed/TF-NGN/floma/software.html

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

Luck is the residue of opportunity and design. -- John Milton
Re: oss netflow collector/trending/analysis
On 2014-05-02 16:36, Matthew Galgoci wrote:

[..] Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.

For OSS that is pretty much it that really matters (maybe you could add Argus if you really want though).

For a long long list, check out Simon Leinen's site:

https://www.switch.ch/network/projects/completed/TF-NGN/floma/software.html

Not all of that is OSS though.

Lots of these netflow-analyzer tools are in-house / a bunch-of-scripts-upon-scripts that are too scary to let out in the open and/or do not scale...

IMHO your best bet is to use nfsen/nfdump as that is the best thing publicly available.

Greets,
Jeroen
Re: oss netflow collector/trending/analysis
There's also SiLK from CMU. It's powerful but has a learning curve.

I also see pmacct being used both by some end networks and by some vendors as part of systems.

Avi

Hey There,

I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?

I know of three tool sets:

- The classic osu flow-tools and the modern continuation/fork.
- ntop
- nfdump/nfsen

Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.

Thanks,
Matt
Re: oss netflow collector/trending/analysis
pmacct (http://www.pmacct.net/) is another pretty awesome open source tool.

Leslie

On Fri, May 2, 2014 at 8:00 AM, Avi Freedman freed...@freedman.net wrote:

There's also SiLK from CMU. It's powerful but has a learning curve.

I also see pmacct being used both by some end networks and by some vendors as part of systems.

Avi

Hey There,

I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?

I know of three tool sets:

- The classic osu flow-tools and the modern continuation/fork.
- ntop
- nfdump/nfsen

Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.

Thanks,
Matt
Re: oss netflow collector/trending/analysis
NANOG nanog-bounces+jloiacon=csc@nanog.org wrote on 05/02/2014 11:00:15 AM:

From: freed...@freedman.net (Avi Freedman)

There's also SiLK from CMU. It's powerful but has a learning curve.

SiLK is very good. See FlowViewer for a powerful front-end to the tool.

http://sourceforge.net/projects/flowviewer/

Also supports flow-tools.

Joe
Re: oss netflow collector/trending/analysis
2014-05-02 16:36 GMT+02:00 Matthew Galgoci mgalg...@redhat.com:

Hey There,

I was just wondering, for people who are doing netflow analysis with open source tools and who are doing at least 10k or more flows per second, what are you using?

I know of three tool sets:

- The classic osu flow-tools and the modern continuation/fork.
- ntop
- nfdump/nfsen

Is there anything else I've missed? A few folks here really seem to like nfsen/nfdump.

Thanks,
Matt

Hi Matt,

I've been using pmacct for quite some time now and I'm more than happy with the results. Being able to store all info in a *SQL db is a killer feature for me. Also it can speak BGP with your routers so it can grab the AS Path information, which allows us for example to make traffic graphs for a destination AS aggregated by AS Path (one of my favorite features I had with the Arbor peakflow in my previous company).

Pierre-Yves