Spiffy Netflow tools?

Vitaly Nikolaev nvitaly at gmail.com
Wed Mar 14 01:21:48 UTC 2018


How scalable is ElastiFlow? Let's say I will dump 90k flows/s; how big an
Elasticsearch farm do I need to comfortably store and work with at least
a couple of weeks of data?

Right now in NFSEN it takes about 3T in disk space and minutes for
simple reports if it spans a few default time intervals.

Thank you.



On Tue, Mar 13, 2018 at 6:18 PM, Chase Christian <madsushi at gmail.com> wrote:

>  +1 for ElastiFlow. Couldn't be easier to set up and run. Logstash has
> native support for netflow and sflow now via codecs. Kibana is an
> easy-to-use dashboard. I trimmed out a bunch of stuff in the ElastiFlow
> config that assumed a unidirectional network (like a corporate site).
>
> On Tue, Mar 13, 2018 at 8:48 AM, Luke Guillory <lguillory at reservetele.com>
> wrote:
>
> > There is also https://github.com/robcowart/elastiflow which uses the ELK
> > stack.
> >
> >
> >
> >
> >
> > Luke Guillory
> > Vice President – Technology and Innovation
> >
> > Tel:    985.536.1212
> > Fax:    985.536.0300
> > Email:  lguillory at reservetele.com
> >
> > Reserve Telecommunications
> > 100 RTC Dr
> > Reserve, LA 70084
> >
> > -----Original Message-----
> > From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Hugo Slabbert
> > Sent: Tuesday, March 13, 2018 10:44 AM
> > To: Fredrik Korsbäck
> > Cc: nanog at nanog.org
> > Subject: Re: Spiffy Netflow tools?
> >
> >
> > On Tue 2018-Mar-13 00:50:26 +0100, Fredrik Korsbäck <hugge at nordu.net>
> > wrote:
> > >
> > >Kentik is probably top of the foodchain right now.
> > >
> > >But they are certainly not alone in the biz. On top of my head...
> > >
> > >* Flowmon
> > >* Talaia
> > >* Arbor Peakflow
> > >* Deepfield
> > >* Pmacct + supporting toolkit
> > >* NFsen/Nfdump/AS-stats
> > >* Put kibana/ES in front of any collector
> >
> > Logstash has a netflow plugin as of 5.x or something
> > (https://www.elastic.co/guide/en/logstash/current/netflow-module.html) to
> > act as a collector.
> >
> > A walkthrough:
> > http://www.routereflector.com/2017/07/elk-as-a-free-netflow-ipfix-collector-and-visualizer/
> >
> > Using the logstash module setup thing adds a whole bunch of pretty netflow
> > graphs and visualizations and such into Kibana for you.
> >
> > Caveat:
> > Supports netflow v5 and v9, but does not indicate support for IPFIX
> > explicitly.  It definitely does not support sFlow, though if you really
> > want you can stick sflowtool in front of it to translate sFlow->netflow,
> > e.g. http://blog.sflow.com/2011/12/sflowtool.html.
> >
> > >* Solarwinds something something
> > >* Different vendor toolkits
> > >
> > >--
> > >hugge
> >
> > --
> > Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
> > pgp key: B178313E   | also on Signal
> >
>



-- 
Vitaly Nikolaev


