Samplicator is a nifty tool.
--John
On 1/25/22 16:50, Compton, Rich A wrote:
Elastiflow is pretty cool. https://www.elastiflow.com or the old open
source version: https://github.com/robcowart/elastiflow
You can pretty much do the same thing with Elastic’s filebeat
(https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-netflow.html).
Pmacct is also good for grabbing netflow (http://www.pmacct.net) and
sending it somewhere (file, database, Kafka, etc.). You can also grab
BMP and streaming telemetry with it.
If you’re looking for open source DDoS detection using netflow, check
out https://github.com/pavel-odintsov/fastnetmon
Shameless plug: check out my tool to look for spoofed UDP
amplification request traffic coming into your network:
https://github.com/racompton/tattle-tale
FYI, you can send netflow to multiple collectors with
https://github.com/sleinen/samplicator
-Rich
From: NANOG <nanog-bounces+rich.compton=charter....@nanog.org> on
behalf of David Bass <davidbass...@gmail.com>
Date: Tuesday, January 25, 2022 at 11:06 AM
To: Christopher Morrow <morrowc.li...@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Subject: [EXTERNAL] Re: Flow collection and analysis
Most of these things, yes.
Add:
Troubleshooting/operational support
Customer reporting
On Tue, Jan 25, 2022 at 1:38 PM Christopher Morrow
<morrowc.li...@gmail.com> wrote:
On Tue, Jan 25, 2022 at 10:53 AM David Bass
<davidbass...@gmail.com> wrote:
Wondering what others in the small to medium sized networks
out there are using these days for netflow data collection,
and your opinion on the tool?
a question not asked, and answer not provided here, is:
"What are you actually trying to do with the netflow?"
Answers of the form:
"Dos detection and mitigation planning"
"Discover peering options/opportunities"
"billing customers"
"traffic analysis for future network planning"
"abuse monitoring/management/investigations"
"pretty noc graphs"
are helpful.. I'm sure other answers would as well.. but: "how do
you collect?" is "with a collector" and isn't super helpful if the
collector can't feed into the tooling / infrastructure / long-term
goal you have.
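The thread mentions two flow-based detection uses: DoS detection (fastnetmon) and spotting spoofed UDP amplification request traffic coming into the network (Rich's tattle-tale). As an added illustration, not code from the thread or from either project, here is a small Python pass over collector-exported flow records that flags inbound UDP flows aimed at amplifier ports on internal hosts and groups them by the claimed source address. The CSV field layout, the reflector port list, the packet and size thresholds, and the sample records are all assumptions constructed for the example.

```python
"""Flag inbound UDP flows that look like spoofed amplification requests.

Added example, not code from the thread or from tattle-tale/fastnetmon. It
assumes a collector has exported flows as CSV with src, dst, proto, dport,
packets and octets; real NetFlow/IPFIX exports carry more fields.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# UDP services that answer small requests with much larger replies and are
# therefore abused as reflectors. Illustrative list (assumption), keyed by port.
AMPLIFIER_PORTS = {
    19: "chargen", 53: "dns", 123: "ntp", 161: "snmp",
    389: "ldap", 1900: "ssdp", 11211: "memcached",
}
UDP = 17


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    dport: int
    packets: int
    octets: int

    @property
    def avg_bytes(self) -> float:
        """Average packet size; small means request-like, large means replies."""
        return self.octets / self.packets if self.packets else 0.0


def parse_flows(text: str) -> list[Flow]:
    """Parse 'src,dst,proto,dport,packets,octets' lines; '#' lines are comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport, packets, octets = line.split(",")
        flows.append(Flow(src, dst, int(proto), int(dport), int(packets), int(octets)))
    return flows


def is_internal(addr: str, nets) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in nets)


def find_amplification_requests(flows, internal_prefixes, min_packets=100, max_avg_bytes=300):
    """Return inbound UDP flows toward reflector ports on internal hosts whose
    packets are small (requests) and sustained over at least min_packets.

    Reply traffic has a large bytes-per-packet ratio and leaves the network,
    so it is deliberately not matched; thresholds are assumptions to tune."""
    nets = [ip_network(p) for p in internal_prefixes]
    hits = []
    for f in flows:
        if f.proto != UDP or f.dport not in AMPLIFIER_PORTS:
            continue
        if is_internal(f.src, nets) or not is_internal(f.dst, nets):
            continue  # only traffic entering the network from outside
        if f.packets < min_packets or f.avg_bytes > max_avg_bytes:
            continue
        hits.append(f)
    return hits


def summarize_by_claimed_source(hits):
    """Group hits by (claimed source, port). With spoofed requests the 'source'
    is the victim, so one external address fanning out to several internal
    reflectors on the same port is the pattern worth reporting."""
    summary = defaultdict(lambda: {"service": "", "reflectors": set(), "packets": 0})
    for f in hits:
        entry = summary[(f.src, f.dport)]
        entry["service"] = AMPLIFIER_PORTS[f.dport]
        entry["reflectors"].add(f.dst)
        entry["packets"] += f.packets
    return dict(summary)


# Constructed sample records using RFC 5737 documentation addresses, not real traffic.
SAMPLE_FLOWS = """\
# src,dst,proto,dport,packets,octets
203.0.113.10,192.0.2.5,17,53,1200,72000
203.0.113.10,192.0.2.6,17,53,900,54000
203.0.113.10,192.0.2.7,17,123,300,14400
198.51.100.4,192.0.2.5,17,53,3,210
192.0.2.5,203.0.113.10,17,53,1200,3600000
198.51.100.9,192.0.2.20,6,443,40,52000
"""
INTERNAL = ["192.0.2.0/24"]  # assumed address space of "your network"

if __name__ == "__main__":
    hits = find_amplification_requests(parse_flows(SAMPLE_FLOWS), INTERNAL)
    for (src, port), e in summarize_by_claimed_source(hits).items():
        print(f"{src} -> {len(e['reflectors'])} internal {e['service']} reflector(s) "
              f"on udp/{port}, {e['packets']} request packets")
```

The three small, high-volume inbound flows from 203.0.113.10 are reported (two DNS reflectors plus one NTP reflector), while the handful of ordinary DNS queries, the outbound reply flow, and the TCP flow are not. In practice the port list and thresholds would be tuned to the services actually exposed, and the summary would feed whatever alerting or mitigation tooling the collector is meant to support, which is the point of Christopher's "what are you trying to do with the netflow?" question.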