[171499] in North American Network Operators' Group
Re: oss netflow collector/trending/analysis
daemon@ATHENA.MIT.EDU (Pierre-Yves Maunier)
Fri May 2 19:55:58 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <alpine.LRH.2.11.1405021428110.25015@ybpnyubfg>
Date: Fri, 2 May 2014 17:58:47 +0200
From: Pierre-Yves Maunier <pymaunier+lists@gmail.com>
To: Matthew Galgoci <mgalgoci@redhat.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
2014-05-02 16:36 GMT+02:00 Matthew Galgoci <mgalgoci@redhat.com>:
>
> Hey There,
>
> I was just wondering, for people who are doing netflow analysis with
> open source tools and who are doing at least 10k or more flows per
> second, what are you using?
>
> I know of three tool sets:
>
> - The classic osu flow-tools and the modern continuation/fork.
> - ntop
> - nfdump/nfsen
>
> Is there anything else I've missed? A few folks here really seem to like
> nfsen/nfdump.
>
> Thanks,
>
> Matt
>
Hi Matt,
I've been using pmacct for quite some time now and I'm more than happy with
the results.
Being able to store all infos in a *SQL db is a killer feature for me.
Also it can speak BGP with your routers so it can grab the AS Path
information which allow us for example to make traffic graphs for a
destination AS aggregated by AS Path (one of my favorites feature I had
with the Arbor peakflow in my previous company).
Pierre-Yves
