nanog mailing list archives
Re: vFlow :: IPFIX, sFlow and Netflow collector
From: freedman () freedman net (Avi Freedman)
Date: Tue, 16 May 2017 16:40:03 -0400 (EDT)
"NANOG" <nanog-bounces () nanog org> wrote on 05/16/2017 03:34:39 PM:
Nice analysis of the current state of the art.
Thanks; of DIY for store-all approaches, at least :) Commercial options is a different thread and I'm conflicted so shouldn't try to summarize those...
And then, the biggest flow store I know of (1 or 2 carriers may want to argue but I haven't seen theirs) is at DISA for DoD - > a decade of un-sampled flow coming from SiLK. All stored in hourly un-indexed files, essentially nothing but CLI to access,

FlowViewer provides a web GUI for invoking SiLK analysis tools. Provides textual and graphical analysis with the ability to track filtered subsets over time. Screenshots, etc.: https://sourceforge.net/projects/flowviewer/
Sorry, forgot about flowviewer - I've never seen it in use and asked at a bunch of Flocons - but it looks updated more recently than I had thought. On a related topic, I'd love to see NANOGers and general netops and perf-minded people go to Flocon (put on by CERT, and heavily but not exclusively SiLK- and security-focused). Cross-pollination of interests, tools, and techniques will help us all...
Joe
Thanks, Avi