[194656] in North American Network Operators' Group


Re: vFlow :: IPFIX, sFlow and Netflow collector

daemon@ATHENA.MIT.EDU (Avi Freedman)
Tue May 16 16:40:07 2017

X-Original-To: nanog@nanog.org
In-Reply-To: <OF8CCEEDC1.77C2AA1A-ON85258122.006E3F0A-85258122.006EAD43@csc.com>
To: Joe Loiacono <jloiacon@csc.com>
Date: Tue, 16 May 2017 16:40:03 -0400 (EDT)
From: freedman@freedman.net (Avi Freedman)
Cc: nanog@nanog.org, NANOG <nanog-bounces@nanog.org>,
 Mehrdad Arshad Rad <arshad.rad@gmail.com>
Errors-To: nanog-bounces@nanog.org


> "NANOG" <nanog-bounces@nanog.org> wrote on 05/16/2017 03:34:39 PM:

> Nice analysis of the current state of the art.

Thanks; of DIY for store-all approaches, at least :)  

Commercial options is a different thread and I'm conflicted so shouldn't 
try to summarize those...

> > And then, the biggest flow store I know of (1 or 2 carriers may want to argue
> > but I haven't seen theirs) is at DISA for DoD - > a decade of un-sampled flow
> > coming from SiLK.  All stored in hourly un-indexed files, essentially nothing
> > but CLI to access,
> 
> FlowViewer provides a web GUI for invoking SiLK analysis tools. Provides 
> textual and graphical analysis with the ability to track filtered subsets 
> over time. Screenshots, etc.:
> 
> https://sourceforge.net/projects/flowviewer/

Sorry, forgot about flowviewer - I've never seen it in use and asked at a bunch
of Flocons - but it looks updated more recently than I had thought.

On a related topic, I'd love to see NANOGers and general netops and perf-minded
people go to Flocon (put on by CERT, and heavily but not exclusively SiLK- and
security-focused).

Cross-pollination of interests, tools, and techniques will help us all...

> 
> Joe

Thanks,

Avi 

