[EXTERNAL] Re: Flow collection and analysis

John Schiel jschiel at flowtools.net
Wed Jan 26 00:11:19 UTC 2022


Samplicator is a nifty tool.

--John

On 1/25/22 16:50, Compton, Rich A wrote:
>
> Elastiflow is pretty cool. https://www.elastiflow.com or the old open 
> source version: https://github.com/robcowart/elastiflow
>
> You can pretty much do the same thing with Elastic’s filebeat 
> (https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-netflow.html).
>
> Pmacct is also good for grabbing netflow http://www.pmacct.net and 
> sending it somewhere (file, database, kafka, etc.) You can also grab 
> BMP and streaming telemetry with it.
>
> If you’re looking for open source DDoS detection using netflow, check 
> out https://github.com/pavel-odintsov/fastnetmon
>
> Shameless plug, check out my tool to look for spoofed UDP 
> amplification request traffic coming into your network 
> https://github.com/racompton/tattle-tale
>
> FYI, you can send netflow to multiple collectors with 
> https://github.com/sleinen/samplicator
>
> -Rich
>
> *From: *NANOG <nanog-bounces+rich.compton=charter.com at nanog.org> on 
> behalf of David Bass <davidbass570 at gmail.com>
> *Date: *Tuesday, January 25, 2022 at 11:06 AM
> *To: *Christopher Morrow <morrowc.lists at gmail.com>
> *Cc: *NANOG list <nanog at nanog.org>
> *Subject: *[EXTERNAL] Re: Flow collection and analysis
>
> Most of these things, yes.
>
> Add:
>
> Troubleshooting/operational support
>
> Customer reporting
>
> On Tue, Jan 25, 2022 at 1:38 PM Christopher Morrow 
> <morrowc.lists at gmail.com> wrote:
>
>     On Tue, Jan 25, 2022 at 10:53 AM David Bass
>     <davidbass570 at gmail.com> wrote:
>
>         Wondering what others in the small to medium sized networks
>         out there are using these days for netflow data collection,
>         and your opinion on the tool?
>
>     a question not asked, and answer not provided here, is:
>       "What are you actually trying to do with the netflow?"
>
>     Answers of the form:
>       "Dos detection and mitigation planning"
>       "Discover peering options/opportunities"
>       "billing customers"
>       "traffic analysis for future network planning"
>       "abuse monitoring/management/investigations"
>       "pretty noc graphs"
>
>     are helpful.. I'm sure other answers would as well.. but: "how do
>     you collect?" is "with a collector" and isn't super helpful if the
>     collector can't feed into the tooling / infrastructure / long-term
>     goal you have.
>