I highly recommend pmacct and its in-memory tables. Lightweight, easy to query and super fast.
You can also easily run multiple aggregates of traffic to find what you are interested in, tag common interface types to easily filter traffic. Or you can use pmacct to insert this into whatever database you want, AMQP or MongoDB. My current favorite is using an IMT table for DoS detection and another for aggregates for interesting traffic types and querying this every X minutes and inserting it into ElasticSearch. Kibana makes the most powerful netflow dashboard ever.

--
Tim

On Nov 20, 2014 6:39 PM, "Roland Dobbins" <rdobb...@arbor.net> wrote:

> On 21 Nov 2014, at 9:19, Robert Duffy wrote:
>
>> What open-source NetFlow analysis tools would you recommend for quickly
>> detecting a DDoS attack?
>
> I generally recommend that folks get started with something like
> nfdump/nfsen or ntop. There are other, more sophisticated tools out there,
> but these allow one to get up and running quickly, and to gain valuable
> operational experience with which to evaluate more sophisticated tools, if
> they're needed.
>
> -----------------------------------
> Roland Dobbins <rdobb...@arbor.net>
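An added example, not part of the thread and not pmacct's own code: one way to implement the polling step described in the reply above, turning a per-destination table dump into rates, flagging likely DoS targets, and building an Elasticsearch `_bulk` body. The dump is constructed, and the field names (`ip_dst`, `packets`, `bytes`), the 5-minute interval, the thresholds and the index name are assumptions.

```python
import json

# Constructed sample: one JSON object per line, as a table aggregated on
# destination host might be dumped. Field names are assumed, not from the thread.
SAMPLE_DUMP = """\
{"ip_dst": "192.0.2.10", "packets": 1200, "bytes": 960000}
{"ip_dst": "192.0.2.20", "packets": 45000000, "bytes": 2880000000}
{"ip_dst": "198.51.100.7", "packets": 30000, "bytes": 42000000}
not-json garbage line
"""

POLL_SECONDS = 300             # the "every X minutes" interval (assumed: 5 min)
PPS_THRESHOLD = 100_000        # assumed alert thresholds; tune per network
BPS_THRESHOLD = 1_000_000_000

def parse_dump(text):
    """Yield (dst, packets, bytes) per line, skipping malformed lines."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
            yield rec["ip_dst"], int(rec["packets"]), int(rec["bytes"])
        except (ValueError, KeyError, TypeError):
            continue

def detect(text, interval=POLL_SECONDS):
    """Return one document per destination with rates and an alert flag."""
    docs = []
    for dst, packets, octets in parse_dump(text):
        pps = packets / interval
        bps = octets * 8 / interval
        docs.append({"ip_dst": dst, "pps": round(pps), "bps": round(bps),
                     "alert": pps > PPS_THRESHOLD or bps > BPS_THRESHOLD})
    return docs

def to_bulk(docs, index="netflow-dos"):
    """Build an Elasticsearch _bulk request body (NDJSON, newline-terminated)."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    results = detect(SAMPLE_DUMP)
    print([d["ip_dst"] for d in results if d["alert"]])
    print(to_bulk(results), end="")
```

Counters in the dump are treated as totals for one poll interval, so the table must be cleared between polls for the rates to be meaningful.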