Spiffy Netflow tools?
nvitaly at gmail.com
Wed Mar 14 01:21:48 UTC 2018
How scalable is ElastiFlow ? Let say I will dump 90kflow/s, how big
elasticsearch farm do I need to comfortably store and work with at least
couple weeks of data ?
right now in NFSEN it takes about 3T in disk space and minutes for
simple reports if it spans few time default time intervals.
On Tue, Mar 13, 2018 at 6:18 PM, Chase Christian <madsushi at gmail.com> wrote:
> +1 for ElastiFlow. Couldn't be easier to set up and run. Logstash has
> native support for netflow and sflow now via codecs. Kibana is an
> easy-to-use dashboard. I trimmed out a bunch of stuff in the ElastiFlow
> config that assumed a unidirectional network (like a corporate site).
> On Tue, Mar 13, 2018 at 8:48 AM, Luke Guillory <lguillory at reservetele.com>
> > There is also https://github.com/robcowart/elastiflow which uses the ELK
> > stack.
> > Luke Guillory
> > Vice President – Technology and Innovation
> > Tel: 985.536.1212
> > Fax: 985.536.0300
> > Email: lguillory at reservetele.com
> > Reserve Telecommunications
> > 100 RTC Dr
> > Reserve, LA 70084
> > ____________________________________________________________
> > _____________________________________
> > Disclaimer:
> > The information transmitted, including attachments, is intended only for
> > the person(s) or entity to which it is addressed and may contain
> > confidential and/or privileged material which should not disseminate,
> > distribute or be copied. Please notify Luke Guillory immediately by
> > if you have received this e-mail by mistake and delete this e-mail from
> > your system. E-mail transmission cannot be guaranteed to be secure or
> > error-free as information could be intercepted, corrupted, lost,
> > arrive late or incomplete, or contain viruses. Luke Guillory therefore
> > not accept liability for any errors or omissions in the contents of this
> > message, which arise as a result of e-mail transmission. .
> > -----Original Message-----
> > From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Hugo Slabbert
> > Sent: Tuesday, March 13, 2018 10:44 AM
> > To: Fredrik Korsbäck
> > Cc: nanog at nanog.org
> > Subject: Re: Spiffy Netflow tools?
> > On Tue 2018-Mar-13 00:50:26 +0100, Fredrik Korsbäck <hugge at nordu.net>
> > wrote:
> > >
> > >Kentik is probably top of the foodchain right now.
> > >
> > >But they are certainly not alone in the biz. Ontop of my head...
> > >
> > >* Flowmon
> > >* Talaia
> > >* Arbor Peakflow
> > >* Deepfield
> > >* Pmacct + supporting toolkit
> > >* NFsen/Nfdump/AS-stats
> > >* Put kibana/ES infront of any collector
> > Logstash has a netflow plugin as of 5.x or something
> > (https://www.elastic.co/guide/en/logstash/current/netflow-module.html)
> > act as a collector.
> > A walkthrough:
> > http://www.routereflector.com/2017/07/elk-as-a-free-netflow-
> > ipfix-collector-and-visualizer/
> > Using the logstash module setup thing adds a whole bunch of pretty
> > graphs and visualizations and such into Kibana for you.
> > Caveat:
> > Supports netflow v5 and v9, but does not indicate support for IPFIX
> > explicitly. It definitely does not support sFlow, though if you really
> > want you can stick sflowtool in front of it to translate sFlow->netflow,
> > e.g. http://blog.sflow.com/2011/12/sflowtool.html.
> > >* Solarwinds something something
> > >* Different vendor toolkits
> > >
> > >--
> > >hugge
> > --
> > Hugo Slabbert | email, xmpp/jabber: hugo at slabnet.com
> > pgp key: B178313E | also on Signal
More information about the NANOG