+1 for ElastiFlow. Couldn't be easier to set up and run. Logstash has native support for netflow and sflow now via codecs. Kibana is an easy-to-use dashboard. I trimmed out a bunch of stuff in the ElastiFlow config that assumed a unidirectional network (like a corporate site).
On Tue, Mar 13, 2018 at 8:48 AM, Luke Guillory <lguill...@reservetele.com> wrote:

> There is also https://github.com/robcowart/elastiflow which uses the ELK
> stack.
>
> Luke Guillory
> Vice President – Technology and Innovation
> Reserve Telecommunications
>
> -----Original Message-----
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Hugo Slabbert
> Sent: Tuesday, March 13, 2018 10:44 AM
> To: Fredrik Korsbäck
> Cc: nanog@nanog.org
> Subject: Re: Spiffy Netflow tools?
>
> On Tue 2018-Mar-13 00:50:26 +0100, Fredrik Korsbäck <hu...@nordu.net> wrote:
> >
> >Kentik is probably top of the food chain right now.
> >
> >But they are certainly not alone in the biz. On top of my head...
> >
> >* Flowmon
> >* Talaia
> >* Arbor Peakflow
> >* Deepfield
> >* Pmacct + supporting toolkit
> >* NFsen/Nfdump/AS-stats
> >* Put kibana/ES in front of any collector
>
> Logstash has a netflow plugin as of 5.x or something
> (https://www.elastic.co/guide/en/logstash/current/netflow-module.html) to
> act as a collector.
>
> A walkthrough:
> http://www.routereflector.com/2017/07/elk-as-a-free-netflow-ipfix-collector-and-visualizer/
>
> Using the logstash module setup thing adds a whole bunch of pretty netflow
> graphs and visualizations and such into Kibana for you.
>
> Caveat:
> Supports netflow v5 and v9, but does not indicate support for IPFIX
> explicitly. It definitely does not support sFlow, though if you really
> want you can stick sflowtool in front of it to translate sFlow->netflow,
> e.g. http://blog.sflow.com/2011/12/sflowtool.html.
>
> >* Solarwinds something something
> >* Different vendor toolkits
> >
> >--
> >hugge
>
> --
> Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
> pgp key: B178313E | also on Signal
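
The caveat quoted above (a collector that handles NetFlow v5 and v9 but not IPFIX or sFlow) can be checked against what exporters actually send by reading the version field at the start of each UDP payload. The following is an added example, not code from the thread or from any of the tools named in it; the function names, the default `supported` set and the sample payloads are assumptions made for illustration.

```python
import struct
from collections import Counter, defaultdict

V5_HEADER_LEN, V5_RECORD_LEN, IPFIX_HEADER_LEN = 24, 48, 16

def classify_export(payload: bytes) -> str:
    """Name the flow-export format of one UDP payload from its leading version field."""
    if len(payload) < 4:
        return "too-short"
    ver, second = struct.unpack_from("!HH", payload)
    if ver == 5:
        # NetFlow v5: second field is the record count (1..30), each record 48 bytes.
        ok = 1 <= second <= 30 and len(payload) == V5_HEADER_LEN + second * V5_RECORD_LEN
        return "netflow-v5" if ok else "netflow-v5-malformed"
    if ver == 9:
        return "netflow-v9"
    if ver == 10:
        # IPFIX: second field is the message length in bytes, header included.
        ok = IPFIX_HEADER_LEN <= second <= len(payload)
        return "ipfix" if ok else "ipfix-malformed"
    if ver == 0 and second == 5:
        # sFlow v5 uses a 32-bit version, so the first 16 bits are zero.
        return "sflow-v5"
    return "unknown"

def exporters_needing_attention(packets, supported=("netflow-v5", "netflow-v9")):
    """Map exporter address -> Counter of formats, for exporters sending anything unsupported."""
    seen = defaultdict(Counter)
    for exporter, payload in packets:
        seen[exporter][classify_export(payload)] += 1
    return {ip: c for ip, c in seen.items() if any(f not in supported for f in c)}

# Constructed sample payloads (zero-filled bodies); addresses are documentation-range.
SAMPLE = [
    ("192.0.2.1", struct.pack("!HH", 5, 1) + bytes(20 + 48)),    # NetFlow v5, 1 record
    ("192.0.2.1", struct.pack("!HH", 5, 2) + bytes(20 + 48)),    # v5 claiming 2 records, truncated
    ("192.0.2.2", struct.pack("!HH", 9, 0) + bytes(16)),         # NetFlow v9 header only
    ("192.0.2.3", struct.pack("!HH", 10, 16) + bytes(12)),       # IPFIX header only
    ("192.0.2.4", struct.pack("!II", 5, 1) + bytes(20)),         # sFlow v5 datagram start
]

if __name__ == "__main__":
    for ip, formats in sorted(exporters_needing_attention(SAMPLE).items()):
        print(ip, dict(formats))
```

Exporters that show up in the result are the ones that would need reconfiguring, or a translator such as the sflowtool setup mentioned in the thread, before their flows reach a v5/v9-only collector.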