Re: Service Provider NetFlow Collectors

[Aaron <aaron_ppus () fmad com>]

Throwing my hat in the ring also (vendor from fmadio)
https://github.com/fmadio/pcap2json

Not exactly a newflow collector, its pcap -> flowgen -> elk on a single
box, working very well so far, still work in progress.

Problem with logstash is its too slow for high flow rates. So we did
everything inside the flow generator for direct ELK bulk uploads removing
logstash completely.

Cheers
Aaron

On Mon, 31 Dec 2018 at 18:40, Michel 'ic' Luczak <lists () benappy com> wrote:

> Don’t underestimate good old ELK
> https://www.elastic.co/guide/en/logstash/current/netflow-module.html
> + https://github.com/robcowart/elastiflow
>
> BR, ic
>
> On 31 Dec 2018, at 04:29, Erik Sundberg <ESundberg () nitelusa com> wrote:
>
> Hi Nanog….
>
> We are looking at replacing our Netflow collector. I am wonder what other
> service providers are using to collect netflow data off their Core and Edge
> Routers. Pros/Cons… What to watch out for any info would help.
>
> We are mainly looking to analyze the netflow data. Bonus if it does ddos
> detection and mitigation.
>
> We are looking at
> ManageEngine Netflow Analyzer
> PRTG
> Plixer – Scrutinizer
> PeakFlow
> Kentik
> Solarwinds NTA
>
>
> Thanks in advance…
>
> Erik
>
>
> ------------------------------
>
> CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files
> or previous e-mail messages attached to it may contain confidential
> information that is legally privileged. If you are not the intended
> recipient, or a person responsible for delivering it to the intended
> recipient, you are hereby notified that any disclosure, copying,
> distribution or use of any of the information contained in or attached to
> this transmission is STRICTLY PROHIBITED. If you have received this
> transmission in error please notify the sender immediately by replying to
> this e-mail. You must destroy the original transmission and its attachments
> without reading or saving in any manner. Thank you.