nanog mailing list archives

Re: Flow collection and analysis

From: Pierre LANCASTRE <pierre.lancastre () gmail com>
Date: Tue, 25 Jan 2022 18:39:53 +0100

Hi,

There is also Elastiflow https://docs.elastiflow.com/docs/
https://github.com/robcowart/elastiflow.

Cordialement / Best regards

Pierre Lancastre



Le mar. 25 janv. 2022 à 17:45, Mel Beckman <mel () beckman org> a écrit :

We use, depending on the situation, Intermapper, PRTG, and NTop.

Intermapper has the most powerful viewing app, but it’s expensive in that
you have to pay for each flow collector. It’s an actual app (Windows, Mac,
and Linux), rather than a web-based interface, so they can do more tricks
with the GUI, like drill down and sorting.

PRTG includes its web-based flow collector and viewer for free, and there
is even a free 100-sensor edition of the product that lets you use just the
flow stuff fir free forever.

NTop is an open source web-based flow sensor and viewer, with a combo paid
license model specifically for the flow collection. It connects directly to
a mirror port and sucks up the flow info, where is the other products
required to have some hardware device that exports flows. But you can get
dirt cheap used Cisco routers that do this, such as the 1941, which
although bulky do the job for a few hundred bucks. Once you get into 10 Gb
speeds though you need dedicated hardware sensors in newer gear, which is
pretty pricey. But if you have 10 Gb traffic you can afford it :-)

Ntop also has a commercial arm called Nbox, Which has a range of hardware
based ready to go solutions. However it’s all supported out of Italy, and
pretty much by one guy, so we’ve had uneven results with customers that
purchased it.

-mel

On Jan 25, 2022, at 8:30 AM, Laura Smith via NANOG <nanog () nanog org>

wrote:


On Tuesday, January 25th, 2022 at 15:46, David Bass <

davidbass570 () gmail com> wrote:

Wondering what others in the small to medium sized networks out there

are using these days for netflow data collection, and your opinion on the
tool?


Thanks!



Not a suggestion, but a question ....

Curious to know if anyone (apart from Cloudflare, obvs !) is using

Goflow ? (https://github.com/cloudflare/goflow)

Current thread:

Flow collection and analysis David Bass (Jan 25)
- Re: Flow collection and analysis Dave (Jan 25)
- Re: Flow collection and analysis Mark Tinka (Jan 25)
- Re: Flow collection and analysis Joe Loiacono (Jan 25)
- Re: Flow collection and analysis John Kristoff (Jan 25)
- Re: Flow collection and analysis Kevin Glass via NANOG (Jan 25)
- Re: Flow collection and analysis Laura Smith via NANOG (Jan 25)
  - Re: Flow collection and analysis Mel Beckman (Jan 25)
    - Re: Flow collection and analysis Pierre LANCASTRE (Jan 25)
    - Re: Flow collection and analysis Laura Smith via NANOG (Jan 25)
- Re: Flow collection and analysis Christopher Morrow (Jan 25)
  - Re: Flow collection and analysis David Bass (Jan 25)
    - Re: [EXTERNAL] Re: Flow collection and analysis Compton, Rich A (Jan 25)
    - Re: [EXTERNAL] Re: Flow collection and analysis Laura Smith via NANOG (Jan 25)
    - Re: [EXTERNAL] Re: Flow collection and analysis Eric Kuhnke (Jan 26)
    - Re: [EXTERNAL] Re: Flow collection and analysis Laura Smith via NANOG (Jan 26)
    - Re: [EXTERNAL] Re: Flow collection and analysis Mike Hammett (Jan 26)
    - Re: [EXTERNAL] Re: Flow collection and analysis heasley (Jan 26)
    - Re: [EXTERNAL] Re: Flow collection and analysis Mel Beckman (Jan 26)

(Thread continues...)