Re: Free Program to take netflow

2019-05-22 Thread Mike Hammett
nProbe as well. I was just checking if the setup was made simpler. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Niels Bakker"  
To: nanog@nanog.org 
Sent: Wednesday, May 22, 2019 8:34:49 AM 
Subject: Re: Free Program to take netflow 

* na...@ics-il.net (Mike Hammett) [Wed 22 May 2019, 14:40 CEST]: 
>The last time I looked, Elastiflow didn't accept a BGP session to learn ASes. 
>Has that changed? 

You can put pmacct in between to alleviate this. 


-- Niels. 



Re: Free Program to take netflow

2019-05-22 Thread Niels Bakker

* na...@ics-il.net (Mike Hammett) [Wed 22 May 2019, 14:40 CEST]:

The last time I looked, Elastiflow didn't accept a BGP session to learn ASes. 
Has that changed?


You can put pmacct in between to alleviate this.


-- Niels.


Re: Free Program to take netflow

2019-05-22 Thread Jason Lixfeld
I loved using ElastiFlow, but we didn’t quite work out in the end.  Here’s my 
$0.02 -

- ElastiFlow setup is easy-ish.
- ELK setup is easy-ish.
- Scaling ELK is not easy unless you know what you’re doing.

If you’ve got enough flows that you need to scale ELK, you’re probably also 
using multiple flow exporters, at which point this[1] could bite you and if ELK 
scaling was hard for you, dealing with this might not be trivial until Rob 
decides how best to bake a fix into EF.

I learned ELK because I wanted to use EF, but I only learned enough about ELK 
to get me by.  Having to also learn about REDIS and having to learn more about 
ELK to make it work with REDIS and EF was a show stopper; I just didn’t have 
the time. 

[1] https://github.com/robcowart/elastiflow/issues/205

> On May 18, 2019, at 12:19 AM, Crist Clark  wrote:
> 
> Been loving Elastiflow. Way overkill for what you need, but it's
> actually pretty easy to setup.
> 
> https://github.com/robcowart/elastiflow
> 
> 
> On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG
>  wrote:
>> 
>> I am looking for a free program to take netflow and output what the top 
>> traffic ASes to and from my AS are.   Something that we can look at every 
>> once in a while, and/or spin up and get data then shutdown..  Just have two 
>> ports need netflow from currently.
>> 
>> 
>> 
>> Thanks in advance.
>> 
>> 
>> 
>> 
>> 
>> Dennis Burgess, Mikrotik Certified Trainer
>> 
>> Author of "Learn RouterOS- Second Edition”
>> 
>> Link Technologies, Inc -- Mikrotik & WISP Support Services
>> 
>> Office: 314-735-0270  Website: http://www.linktechs.net
>> 
>> Create Wireless Coverage’s with www.towercoverage.com
>> 
>> 



Re: Free Program to take netflow

2019-05-22 Thread Mike Hammett
The last time I looked, Elastiflow didn't accept a BGP session to learn ASes. 
Has that changed? 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Crist Clark"  
To: "Dennis Burgess"  
Cc: nanog@nanog.org 
Sent: Friday, May 17, 2019 11:19:02 PM 
Subject: Re: Free Program to take netflow 

Been loving Elastiflow. Way overkill for what you need, but it's 
actually pretty easy to setup. 

https://github.com/robcowart/elastiflow 


On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG 
 wrote: 
> 
> I am looking for a free program to take netflow and output what the top 
> traffic ASes to and from my AS are. Something that we can look at every once 
> in a while, and/or spin up and get data then shutdown.. Just have two ports 
> need netflow from currently. 
> 
> 
> 
> Thanks in advance. 
> 
> 
> 
> 
> 
> Dennis Burgess, Mikrotik Certified Trainer 
> 
> Author of "Learn RouterOS- Second Edition” 
> 
> Link Technologies, Inc -- Mikrotik & WISP Support Services 
> 
> Office: 314-735-0270 Website: http://www.linktechs.net 
> 
> Create Wireless Coverage’s with www.towercoverage.com 
> 
> 



Re: Free Program to take netflow

2019-05-22 Thread Alain Hebert

    +1 for Elastiflow

    But make sure to clear the indexes, as it wasn't included with the 
project, when we installed ours.


    Here's our solution that deletes them after 90 days.

- Crontab

0 12 * * * (cd /usr/local//scripts; ./<corp>_elastiflow_prune.sh) > /dev/null 2>&1


- Content of the *_prune.sh for Linux

#!/bin/csh -f

set d_current=`date "+%s"`
set d_90=`expr ${d_current} - \( 90 \* 24 \* 60 \* 60 \)`
set idx=`date -d @${d_90} "+%Y.%m.%d"`

curl -XDELETE "http://localhost:9200/elastiflow-${idx}";

-
Alain Hebert    aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443

On 2019-05-18 00:19, Crist Clark wrote:

Been loving Elastiflow. Way overkill for what you need, but it's
actually pretty easy to setup.

https://github.com/robcowart/elastiflow


On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG
 wrote:

I am looking for a free program to take netflow and output what the top traffic 
ASes to and from my AS are.   Something that we can look at every once in a 
while, and/or spin up and get data then shutdown..  Just have two ports need 
netflow from currently.



Thanks in advance.





Dennis Burgess, Mikrotik Certified Trainer

Author of "Learn RouterOS- Second Edition”

Link Technologies, Inc -- Mikrotik & WISP Support Services

Office: 314-735-0270  Website: http://www.linktechs.net

Create Wireless Coverage’s with www.towercoverage.com
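
Added example (not part of Alain Hebert's message and not ElastiFlow project code): the prune script in that message deletes only the one index dated exactly 90 days back, so a missed cron run leaves that day's index behind. This POSIX sh variant lists the indices and deletes every one dated on or before the cutoff, assuming the same elastiflow-YYYY.MM.DD naming and unauthenticated localhost:9200 endpoint as the message, plus GNU date; the function names and the --run switch are invented for this example.

```shell
#!/bin/sh
# Added example: retention pruning for daily ElastiFlow indices.
# Assumptions: index names look like elastiflow-YYYY.MM.DD (as in the post),
# Elasticsearch answers on ES_URL without authentication, GNU date is available.
ES_URL="${ES_URL:-http://localhost:9200}"
RETENTION_DAYS="${RETENTION_DAYS:-90}"

# cutoff_date DAYS [NOW_EPOCH]: print the date DAYS days before NOW as YYYY.MM.DD (UTC).
cutoff_date() {
    now="${2:-$(date +%s)}"
    date -u -d "@$(( now - $1 * 86400 ))" "+%Y.%m.%d"
}

# expired_indices CUTOFF: read index names on stdin, print those dated on or
# before CUTOFF. Only exact daily names pass; wildcards, other indices and
# malformed names are dropped, so nothing unexpected reaches the DELETE call.
expired_indices() {
    awk -v cutoff="$1" '
        $1 ~ /^elastiflow-[0-9][0-9][0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]$/ {
            day = substr($1, 12)                    # text after "elastiflow-"
            if ((day "") <= (cutoff "")) print $1   # string compare sorts by date
        }'
}

# prune: list the elastiflow-* indices and delete each expired one by exact name.
prune() {
    cutoff=$(cutoff_date "$RETENTION_DAYS") || return 1
    curl -fsS "$ES_URL/_cat/indices/elastiflow-*?h=index" |
        expired_indices "$cutoff" |
        while IFS= read -r idx; do
            curl -fsS -XDELETE "$ES_URL/$idx" >/dev/null && echo "deleted $idx"
        done
}

# Contact the cluster only when invoked as: script --run
if [ "${1:-}" = "--run" ]; then
    prune
fi
```

Running it without --run only defines the functions, so the date filter can be checked against a list of names before the cron entry is switched over.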






Re: Free Program to take netflow

2019-05-20 Thread Mike Hammett
I've done that a couple ways. I've used a nProbe license to add the ASN 
information in. There are other utilities that do this, but I forgot what they 
are. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Dennis Burgess via NANOG"  
To: nanog@nanog.org 
Sent: Monday, May 20, 2019 8:36:47 AM 
Subject: RE: Free Program to take netflow 



Please let me clarify. Currently the Netflow data that this customer is sending 
does NOT supply AS information. So I need something to generate that AS data 
and display. The goal is to figure out where we need to peer next. Where the 
top traffic is coming in from (what AS) on our paid transit. 




Dennis Burgess, 



From: NANOG  On Behalf Of Dennis Burgess via NANOG 
Sent: Friday, May 17, 2019 9:27 AM 
To: nanog@nanog.org 
Subject: Free Program to take netflow 

I am looking for a free program to take netflow and output what the top traffic 
ASes to and from my AS are. Something that we can look at every once in a 
while, and/or spin up and get data then shutdown.. Just have two ports need 
netflow from currently. 

Thanks in advance. 



Dennis Burgess 



RE: Free Program to take netflow

2019-05-20 Thread Dennis Burgess via NANOG
It specifically states it uses AS data from the netflow source.  I don't have 
that ☹  

FROM website:
collects NetFlow v8/v9 AS aggregation records

Dennis Burgess, 

-Original Message-
From: NANOG  On Behalf Of na...@jack.fr.eu.org
Sent: Monday, May 20, 2019 8:43 AM
To: nanog@nanog.org
Subject: Re: Free Program to take netflow

Check out AS-Stats¹, with perl-ip2as

[1] https://github.com/manuelkasper/AS-Stats


On 05/20/2019 03:36 PM, Dennis Burgess via NANOG wrote:
> Please let me clarify.  Currently the Netflow data that this customer is 
> sending does NOT supply AS information.  So I need something to generate that 
> AS data and display.  The goal is to figure out where we need to peer next.  
> Where the top traffic is coming in from (what AS) on our paid transit.
> 
> 
> 
> Dennis Burgess,
> 
> From: NANOG  On Behalf Of Dennis Burgess via NANOG
> Sent: Friday, May 17, 2019 9:27 AM
> To: nanog@nanog.org
> Subject: Free Program to take netflow
> 
> I am looking for a free program to take netflow and output what the top 
> traffic ASes to and from my AS are.   Something that we can look at every 
> once in a while, and/or spin up and get data then shutdown..  Just have two 
> ports need netflow from currently.
> 
> Thanks in advance.
> 
> 
> 
> Dennis Burgess
> 
> 



Re: Free Program to take netflow

2019-05-20 Thread nanog
Check out AS-Stats¹, with perl-ip2as

[1] https://github.com/manuelkasper/AS-Stats


On 05/20/2019 03:36 PM, Dennis Burgess via NANOG wrote:
> Please let me clarify.  Currently the Netflow data that this customer is 
> sending does NOT supply AS information.  So I need something to generate that 
> AS data and display.  The goal is to figure out where we need to peer next.  
> Where the top traffic is coming in from (what AS) on our paid transit.
> 
> 
> 
> Dennis Burgess,
> 
> From: NANOG  On Behalf Of Dennis Burgess via NANOG
> Sent: Friday, May 17, 2019 9:27 AM
> To: nanog@nanog.org
> Subject: Free Program to take netflow
> 
> I am looking for a free program to take netflow and output what the top 
> traffic ASes to and from my AS are.   Something that we can look at every 
> once in a while, and/or spin up and get data then shutdown..  Just have two 
> ports need netflow from currently.
> 
> Thanks in advance.
> 
> 
> 
> Dennis Burgess
> 
> 



RE: Free Program to take netflow

2019-05-20 Thread Dennis Burgess via NANOG
Please let me clarify.  Currently the Netflow data that this customer is 
sending does NOT supply AS information.  So I need something to generate that 
AS data and display.  The goal is to figure out where we need to peer next.  
Where the top traffic is coming in from (what AS) on our paid transit.



Dennis Burgess,

From: NANOG  On Behalf Of Dennis Burgess via NANOG
Sent: Friday, May 17, 2019 9:27 AM
To: nanog@nanog.org
Subject: Free Program to take netflow

I am looking for a free program to take netflow and output what the top traffic 
ASes to and from my AS are.   Something that we can look at every once in a 
while, and/or spin up and get data then shutdown..  Just have two ports need 
netflow from currently.

Thanks in advance.



Dennis Burgess



Re: Free Program to take netflow

2019-05-19 Thread Christian Meutes
ES, Kibana, pmacct and some glue (JSON to ES batching)

... and of course a lot of time and resources (eg. h/w).


Cheers
Chris

On Sat 18. May 2019 at 18:04, Joe Loiacono  wrote:

> Dennis,
>
> You might try FlowViewer https://sourceforge.net/projects/flowviewer
>
> Fairly easy Linux install over top of SiLK, netflow capture and analysis
> software from Carnegie-Mellon. SiLK is very robust and FlowViewer provides
> a web-based interface with extensive analysis, graphing and tracking tools.
> Filtering includes by AS. You can create an MRTG-like set of long-term
> graphs for each AS and as a group of top 10 ASes (Last 24 Hours, 7 Days, 4
> Weeks, 3 Years.)
>
> Best,
>
> Joe
> On 5/17/2019 10:26 AM, Dennis Burgess via NANOG wrote:
>
> I am looking for a free program to take netflow and output what the top
> traffic ASes to and from my AS are.   Something that we can look at every
> once in a while, and/or spin up and get data then shutdown..  Just have two
> ports need netflow from currently.
>
>
>
> Thanks in advance.
>
>
>
>
>
>
> *Dennis Burgess, Mikrotik Certified Trainer *
>
> Author of "Learn RouterOS- Second Edition”
>
> *Link Technologies, Inc* -- Mikrotik & WISP Support Services
>
> *Office*: 314-735-0270  Website: http://www.linktechs.net
>
> Create Wireless Coverage’s with www.towercoverage.com
>
>
>
>


Re: Free Program to take netflow

2019-05-18 Thread Joe Loiacono

Dennis,

You might try FlowViewer https://sourceforge.net/projects/flowviewer

Fairly easy Linux install over top of SiLK, netflow capture and analysis 
software from Carnegie-Mellon. SiLK is very robust and FlowViewer 
provides a web-based interface with extensive analysis, graphing and 
tracking tools. Filtering includes by AS. You can create an MRTG-like 
set of long-term graphs for each AS and as a group of top 10 ASes (Last 
24 Hours, 7 Days, 4 Weeks, 3 Years.)


Best,

Joe

On 5/17/2019 10:26 AM, Dennis Burgess via NANOG wrote:


I am looking for a free program to take netflow and output what the 
top traffic ASes to and from my AS are.   Something that we can look 
at every once in a while, and/or spin up and get data then shutdown..  
Just have two ports need netflow from currently.


Thanks in advance.

*Dennis Burgess, Mikrotik Certified Trainer *

Author of "Learn RouterOS- Second Edition”

*Link Technologies, Inc*-- Mikrotik & WISP Support Services

*Office*: 314-735-0270 Website: http://www.linktechs.net


Create Wireless Coverage’s with www.towercoverage.com



Re: Free Program to take netflow

2019-05-17 Thread Hugo Slabbert
Also was a favourite last time this discussion popped up (in recent 
memory):


https://mailman.nanog.org/pipermail/nanog/2018-March/094490.html

--
Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E   | also on Signal

On Fri 2019-May-17 21:19:02 -0700, Crist Clark  wrote:


Been loving Elastiflow. Way overkill for what you need, but it's
actually pretty easy to setup.

https://github.com/robcowart/elastiflow


On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG
 wrote:


I am looking for a free program to take netflow and output what the top traffic 
ASes to and from my AS are.   Something that we can look at every once in a 
while, and/or spin up and get data then shutdown..  Just have two ports need 
netflow from currently.



Thanks in advance.





Dennis Burgess, Mikrotik Certified Trainer

Author of "Learn RouterOS- Second Edition”

Link Technologies, Inc -- Mikrotik & WISP Support Services

Office: 314-735-0270  Website: http://www.linktechs.net

Create Wireless Coverage’s with www.towercoverage.com






Re: Free Program to take netflow

2019-05-17 Thread Crist Clark
Been loving Elastiflow. Way overkill for what you need, but it's
actually pretty easy to setup.

https://github.com/robcowart/elastiflow


On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG
 wrote:
>
> I am looking for a free program to take netflow and output what the top 
> traffic ASes to and from my AS are.   Something that we can look at every 
> once in a while, and/or spin up and get data then shutdown..  Just have two 
> ports need netflow from currently.
>
>
>
> Thanks in advance.
>
>
>
>
>
> Dennis Burgess, Mikrotik Certified Trainer
>
> Author of "Learn RouterOS- Second Edition”
>
> Link Technologies, Inc -- Mikrotik & WISP Support Services
>
> Office: 314-735-0270  Website: http://www.linktechs.net
>
> Create Wireless Coverage’s with www.towercoverage.com
>
>


Re: Free Program to take netflow

2019-05-17 Thread Niels Bakker

* nanog@nanog.org (Dennis Burgess via NANOG) [Fri 17 May 2019, 16:25 CEST]:
I am looking for a free program to take netflow and output what the  
top traffic ASes to and from my AS are.  Something that we can look  
at every once in a while, and/or spin up and get data then  
shutdown..  Just have two ports need netflow from currently.


It sounds like 
https://blog.apnic.net/2017/01/26/traffic-analysis-better-peering/ 
would be right up your alley.



-- Niels.


Re: Free Program to take netflow

2019-05-17 Thread Denys Fedoryshchenko
Fastnetmon has that: 
https://fastnetmon.com/fastnetmon-advanced-traffic-persistency/

I used it for such purposes.

On 2019-05-17 17:26, Dennis Burgess via NANOG wrote:

I am looking for a free program to take netflow and output what the
top traffic ASes to and from my AS are.   Something that we can look
at every once in a while, and/or spin up and get data then shutdown..
Just have two ports need netflow from currently.

Thanks in advance.

DENNIS BURGESS, MIKROTIK CERTIFIED TRAINER

Author of "Learn RouterOS- Second Edition"

LINK TECHNOLOGIES, INC -- Mikrotik & WISP Support Services

OFFICE: 314-735-0270  Website: http://www.linktechs.net [1]

Create Wireless Coverage's with www.towercoverage.com [2]



Links:
--
[1] http://www.linktechs.net/
[2] http://germany.nuclearcat.com/www.towercoverage.com


Free Program to take netflow

2019-05-17 Thread Dennis Burgess via NANOG
I am looking for a free program to take netflow and output what the top traffic 
ASes to and from my AS are.   Something that we can look at every once in a 
while, and/or spin up and get data then shutdown..  Just have two ports need 
netflow from currently.

Thanks in advance.


Dennis Burgess, Mikrotik Certified Trainer
Author of "Learn RouterOS- Second Edition"
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270  Website: http://www.linktechs.net
Create Wireless Coverage's with www.towercoverage.com