Re: Spiffy Netflow tools?

[Chase Christian <madsushi () gmail com>]

 +1 for ElastiFlow. Couldn't be easier to set up and run. Logstash has
native support for netflow and sflow now via codecs. Kibana is an
easy-to-use dashboard. I trimmed out a bunch of stuff in the ElastiFlow
config that assumed a unidirectional network (like a corporate site).

On Tue, Mar 13, 2018 at 8:48 AM, Luke Guillory <lguillory () reservetele com>
wrote:

> There is also https://github.com/robcowart/elastiflow which uses the ELK
> stack.
>
>
>
>
>
> Luke Guillory
> Vice President – Technology and Innovation
>
> Tel:    985.536.1212
> Fax:    985.536.0300
> Email:  lguillory () reservetele com
>
> Reserve Telecommunications
> 100 RTC Dr
> Reserve, LA 70084
>
> ____________________________________________________________
> _____________________________________
>
> Disclaimer:
> The information transmitted, including attachments, is intended only for
> the person(s) or entity to which it is addressed and may contain
> confidential and/or privileged material which should not disseminate,
> distribute or be copied. Please notify Luke Guillory immediately by e-mail
> if you have received this e-mail by mistake and delete this e-mail from
> your system. E-mail transmission cannot be guaranteed to be secure or
> error-free as information could be intercepted, corrupted, lost, destroyed,
> arrive late or incomplete, or contain viruses. Luke Guillory therefore does
> not accept liability for any errors or omissions in the contents of this
> message, which arise as a result of e-mail transmission. .
>
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Hugo Slabbert
> Sent: Tuesday, March 13, 2018 10:44 AM
> To: Fredrik Korsbäck
> Cc: nanog () nanog org
> Subject: Re: Spiffy Netflow tools?
>
>
> On Tue 2018-Mar-13 00:50:26 +0100, Fredrik Korsbäck <hugge () nordu net>
> wrote:
> > Kentik is probably top of the foodchain right now.
> >
> > But they are certainly not alone in the biz. Ontop of my head...
> >
> > * Flowmon
> > * Talaia
> > * Arbor Peakflow
> > * Deepfield
> > * Pmacct + supporting toolkit
> > * NFsen/Nfdump/AS-stats
> > * Put kibana/ES infront of any collector
>
> Logstash has a netflow plugin as of 5.x or something
> (https://www.elastic.co/guide/en/logstash/current/netflow-module.html) to
> act as a collector.
>
> A walkthrough:
> http://www.routereflector.com/2017/07/elk-as-a-free-netflow-
> ipfix-collector-and-visualizer/
>
> Using the logstash module setup thing adds a whole bunch of pretty netflow
> graphs and visualizations and such into Kibana for you.
>
> Caveat:
> Supports netflow v5 and v9, but does not indicate support for IPFIX
> explicitly.  It definitely does not support sFlow, though if you really
> want you can stick sflowtool in front of it to translate sFlow->netflow,
> e.g. http://blog.sflow.com/2011/12/sflowtool.html.
>
> > * Solarwinds something something
> > * Different vendor toolkits
> >
> > --
> > hugge
>
> --
> Hugo Slabbert       | email, xmpp/jabber: hugo () slabnet com
> pgp key: B178313E   | also on Signal