Looking for Netflow analysis package

• Previous message (by thread): Looking for Netflow analysis package
• Next message (by thread): Looking for Netflow analysis package
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Not exactly netflow until you set it up as such buy, Graylog2 and LogStash
are OSS. Also, I'll probably be releasing modules and a simple evented
(POE) program in perl soon (don't wait up if you can't deal with code - it
ain't and ain't going to be a web app but a simple framework mainly for the
simplest and fastest parsing regexes).

But all of the modern log aggregation software uses ElasticSearch as a data
store which makes correlation / netflow pretty easy.
On May 14, 2013 9:20 PM, "Joe Loiacono" <jloiacon at csc.com> wrote:

> Check out the FlowViewer/flow-tools/SiLK combo also.
>
> https://sourceforge.net/projects/flowviewer/
>
>
>
> Erik Sundberg <ESundberg at nitelusa.com> wrote on 05/14/2013 06:59:32 PM:
>
> > From: Erik Sundberg <ESundberg at nitelusa.com>
> > To: "nanog at nanog.org" <nanog at nanog.org>
> > Date: 05/14/2013 07:00 PM
> > Subject: Looking for Netflow analysis package
> >
> > Does anyone know of a netflow collector that will do the following.
> > *Graph/List Destination Networks By Top AS
> > *Graph/List Destination Networks By Top IP Address
> > *AS Path Analysis
> > *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
> >
> > We will be using this to help us decide who to Peer with and what
> > transit Providers to look at.
> >
> > I am familiar with Arbor Network's Peak Flow utility but it's a
> > little too pricy.
> > I also found AS-Stats https://neon1.net/as-stats/ look promising
> > from the power point on their page.
> >
> > Thanks
> > Erik
> >
> >
> > ________________________________
> >
> > CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents,
> > files or previous e-mail messages attached to it may contain
> > confidential information that is legally privileged. If you are not
> > the intended recipient, or a person responsible for delivering it to
> > the intended recipient, you are hereby notified that any disclosure,
> > copying, distribution or use of any of the information contained in
> > or attached to this transmission is STRICTLY PROHIBITED. If you have
> > received this transmission in error please notify the sender
> > immediately by replying to this e-mail. You must destroy the
> > original transmission and its attachments without reading or saving
> > in any manner. Thank you.
>
>
>

• Previous message (by thread): Looking for Netflow analysis package
• Next message (by thread): Looking for Netflow analysis package
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]