Netflow Tool

Michael Hertrick mike.hertrick at neovera.com
Fri Sep 17 20:46:22 UTC 2010


Mike Gatti wrote:
> Anyone out there using a good netflow collector that has the capability to export data to CSV?
> Open Source would be best, but any suggestions are welcome.

There are so many ways to do it.  Once you capture the flow data and
store it in raw files, it's just a matter of filtering and converting
the data to whatever format you want.  The flow-tools suite has
everything you'd need if you wanted to write some scripts of your own.
For example, flow-export takes a raw flow file as input and can output
in various formats, including ASCII CSV.  See `man flow-tools` for more
information on flow-export and other useful flow tools.

That said, I'm using a variation of this setup, from Robert S. Galloway:
http://www.dynamicnetworks.us/netflow/

If you set it up as documented by Mr. Galloway, you'll end up with your
netflow data (IIRC, just networks, octets, and packets) organized into
various RRD files, depending on how you set up CUFlow.cf.  For example,
one RRD file per customer.  By default, flowscan will delete the raw
flow files after it parses them into RRDs.  Optionally, you can retain
your raw flow files by creating a "saved" directory in your flows path
(see flowscan docs).

For visualization, I import the RRD files into Cacti.  For CSV output I
wrote a Perl script.  It pulls data from the resulting RRD files,
computes the 95th percentile(s), among other things, and e-mails the
CSV(s) to the appropriate people at the appropriate times.

Like I said, though, there are so many ways to do it.  The way you need
to do it will depend on what you're trying to get out of the netflow data.

Regards,
Michael Hertrick
Neovera, Inc.
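
The RRD-to-CSV step described in the message above, as an added example (not part of the original post and not the poster's Perl script): it parses text in the layout `rrdtool fetch` prints, skips unknown samples, computes a nearest-rank 95th percentile per data source, and writes CSV. The sample data, the data-source names `in`/`out`, the bytes-per-second unit, and the customer label are constructed assumptions.

```python
import csv
import io
import math

# Constructed input in the layout `rrdtool fetch <file> AVERAGE` prints: a header
# naming the data sources, a blank line, then "timestamp: value value" rows.
# The data-source names "in"/"out" and the bytes/sec unit are assumptions.
RATES = [1000.0 * k for k in range(1, 21)]          # 20 five-minute samples
SAMPLE_FETCH = (
    "                 in                out\n\n"
    + "".join(f"{1284750000 + 300 * i}: {r:.10e} {r / 4:.10e}\n"
              for i, r in enumerate(RATES))
    + "1284756000: -nan -nan\n"                       # unknown sample (gap)
)

def parse_fetch(text):
    """Return {ds_name: [finite samples]} from rrdtool-fetch-style text."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    names = lines[0].split()
    series = {name: [] for name in names}
    for ln in lines[1:]:
        _ts, _, values = ln.partition(":")
        for name, raw in zip(names, values.split()):
            value = float(raw)                        # float() accepts "nan"/"-nan"
            if math.isfinite(value):                  # skip unknown samples
                series[name].append(value)
    return series

def percentile_95(samples):
    """Nearest-rank 95th percentile: sort, drop the top 5%, take the highest left."""
    if not samples:
        return None
    ordered = sorted(samples)
    rank = (95 * len(ordered) + 99) // 100            # ceil(0.95 * n) in integers
    return ordered[rank - 1]

def to_csv(customer, series):
    """One CSV row per data source, rate converted from bytes/sec to bits/sec."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["customer", "direction", "samples", "p95_bps"])
    for name, samples in series.items():
        p95 = percentile_95(samples)
        writer.writerow([customer, name, len(samples),
                         "" if p95 is None else int(p95 * 8)])
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv("customer-a", parse_fetch(SAMPLE_FETCH)), end="")
```

Unknown samples are dropped before ranking, so a collector outage shortens the sample set instead of pulling the percentile toward zero.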