Not exactly netflow until you set it up as such, but Graylog2 and LogStash are OSS. Also, I'll probably be releasing modules and a simple evented (POE) program in Perl soon (don't wait up if you can't deal with code - it ain't and ain't going to be a web app but a simple framework mainly for the simplest and fastest parsing regexes).
But all of the modern log aggregation software uses ElasticSearch as a data store which makes correlation / netflow pretty easy.

On May 14, 2013 9:20 PM, "Joe Loiacono" <jloia...@csc.com> wrote:

> Check out the FlowViewer/flow-tools/SiLK combo also.
>
> https://sourceforge.net/projects/flowviewer/
>
> Erik Sundberg <esundb...@nitelusa.com> wrote on 05/14/2013 06:59:32 PM:
>
> > From: Erik Sundberg <esundb...@nitelusa.com>
> > To: "nanog@nanog.org" <nanog@nanog.org>
> > Date: 05/14/2013 07:00 PM
> > Subject: Looking for Netflow analysis package
> >
> > Does anyone know of a netflow collector that will do the following.
> > *Graph/List Destination Networks By Top AS
> > *Graph/List Destination Networks By Top IP Address
> > *AS Path Analysis
> > *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
> >
> > We will be using this to help us decide who to Peer with and what
> > transit Providers to look at.
> >
> > I am familiar with Arbor Network's Peak Flow utility but it's a
> > little too pricy.
> > I also found AS-Stats https://neon1.net/as-stats/ look promising
> > from the power point on their page.
> >
> > Thanks
> > Erik