[163115] in North American Network Operators' Group


Re: Looking for Netflow analysis package

daemon@ATHENA.MIT.EDU (Rinse Kloek)
Mon May 20 05:21:36 2013

Date: Mon, 20 May 2013 11:21:22 +0200
From: Rinse Kloek <rinse.kloek@isp.solcon.nl>
To: nanog@nanog.org
In-Reply-To: <9279ebd77173fce5359bbcab3df8d0d9@nurve.com.au>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On 20-5-2013 0:40, Cameron Daniel wrote:
> On 2013-05-17 8:11 pm, Tim Vollebregt wrote:
>> Is anyone using an open source solution to process netflow v9 captures?
>> I'm waiting for SiLK v3 for some time now, which is currently only
>> available for TLA's and Universities.
>>
>> Currently looking into nfdump.
>
> To drag this back on topic, yes I'm currently using nfcap/nfdump to 
> capture and parse Netflow v9. It's not as tidy as I'd like but it does 
> the job.
>
> If you want something you can just point and shoot, nfsen ties those 
> two tools together into one config file.
>
>> Tim
>
>
Not only for netflow analysis, but also a DDoS detection tool: I am 
testing Andrisoft Wanguard this month.
Very nice web interface, and it even has the possibility to do BGP blackholing.

Rinse



