Spiffy Netflow tools?

Chase Christian madsushi at gmail.com
Tue Mar 13 22:18:33 UTC 2018


+1 for ElastiFlow. Couldn't be easier to set up and run. Logstash has
native support for netflow and sflow now via codecs. Kibana is an
easy-to-use dashboard. I trimmed out a bunch of stuff in the ElastiFlow
config that assumed a unidirectional network (like a corporate site).

On Tue, Mar 13, 2018 at 8:48 AM, Luke Guillory <lguillory at reservetele.com>
wrote:

> There is also https://github.com/robcowart/elastiflow which uses the ELK
> stack.
>
> Luke Guillory
> Vice President – Technology and Innovation
>
> Tel:    985.536.1212
> Fax:    985.536.0300
> Email:  lguillory at reservetele.com
>
> Reserve Telecommunications
> 100 RTC Dr
> Reserve, LA 70084
>
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Hugo Slabbert
> Sent: Tuesday, March 13, 2018 10:44 AM
> To: Fredrik Korsbäck
> Cc: nanog at nanog.org
> Subject: Re: Spiffy Netflow tools?
>
>
> On Tue 2018-Mar-13 00:50:26 +0100, Fredrik Korsbäck <hugge at nordu.net>
> wrote:
> >
> >Kentik is probably top of the food chain right now.
> >
> >But they are certainly not alone in the biz. On top of my head...
> >
> >* Flowmon
> >* Talaia
> >* Arbor Peakflow
> >* Deepfield
> >* Pmacct + supporting toolkit
> >* NFsen/Nfdump/AS-stats
> >* Put Kibana/ES in front of any collector
>
> Logstash has a netflow plugin as of 5.x or something
> (https://www.elastic.co/guide/en/logstash/current/netflow-module.html) to
> act as a collector.
>
> A walkthrough:
> http://www.routereflector.com/2017/07/elk-as-a-free-netflow-ipfix-collector-and-visualizer/
>
> Using the logstash module setup thing adds a whole bunch of pretty netflow
> graphs and visualizations and such into Kibana for you.
>
> Caveat:
> Supports netflow v5 and v9, but does not indicate support for IPFIX
> explicitly.  It definitely does not support sFlow, though if you really
> want you can stick sflowtool in front of it to translate sFlow->netflow,
> e.g. http://blog.sflow.com/2011/12/sflowtool.html.
>
> >* Solarwinds something something
> >* Different vendor toolkits
> >
> >--
> >hugge
>
> --
> Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
> pgp key: B178313E   | also on Signal
>


