[171527] in North American Network Operators' Group
Re: oss netflow collector/trending/analysis
daemon@ATHENA.MIT.EDU (Warren Bailey)
Sun May 4 15:40:25 2014
X-Original-To: nanog@nanog.org
From: Warren Bailey <wbailey@satelliteintelligencegroup.com>
To: David Edelman <dedelman@iname.com>, Leslie <geekgirl@gmail.com>
Date: Sun, 4 May 2014 17:10:38 +0000
In-Reply-To: <BF7B762E-1E90-4072-A61A-C3654B22E97A@iname.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Reply-To: Warren Bailey <wbailey@satelliteintelligencegroup.com>
Errors-To: nanog-bounces@nanog.org
Ntop is somehow open source if I recall. Seemed to work well and was fairly=
cheap to license.
Sent from my T-Mobile 4G LTE Device
-------- Original message --------
From: David Edelman <dedelman@iname.com>
Date: 05/04/2014 11:05 AM (GMT-07:00)
To: Leslie <geekgirl@gmail.com>
Cc: nanog@nanog.org
Subject: Re: oss netflow collector/trending/analysis
Argus (qosient.com) is worth looking at.
Dave Edelman
> On May 2, 2014, at 12:21, Leslie <geekgirl@gmail.com> wrote:
>
> pmacct (http://www.pmacct.net/) is another pretty awesome open source too=
l.
>
> Leslie
>
>> On Fri, May 2, 2014 at 8:00 AM, Avi Freedman <freedman@freedman.net> wro=
te:
>>
>> There's also SiLK from CMU. It's powerful but has a learning curve.
>>
>> I also see pmacct being used both by some end networks and by
>> some vendors as part of systems.
>>
>> Avi
>>
>>> Hey There,
>>>
>>> I was just wondering, for people who are doing netflow analysis with
>>> open source tools and who are doing at least 10k or more flows per
>>> second, what are you using?
>>>
>>> I know of three tool sets:
>>>
>>> - The classic osu flow-tools and the modern continuation/fork.
>>> - ntop
>>> - nfdump/nfsen
>>>
>>> Is there anything else I've missed? A few folks here really seem to lik=
e
>>> nfsen/nfdump.
>>>
>>> Thanks,
>>>
>>> Matt
>>
