nanog mailing list archives
RE: Flow collection and analysis
From: Jean St-Laurent via NANOG <nanog () nanog org>
Date: Tue, 25 Jan 2022 17:24:42 -0500
I agree with you. The tool doesn’t really matter. Windows, linux, cloud or not. It’s really important to first understand what are you trying to solve or improve? If this step is forgotten, then it will just be another tool to support to add in your long list of useless tools. My personal favorites are a mix of: * Ntop with PF_RING enabled. * Nfdump * Elasticsearch I’m sure all the other tools are also very good. Csv in excel or grep/awk could also work if you know exactly what you’re looking for. 😉 Jean From: NANOG <nanog-bounces+jean=ddostest.me () nanog org> On Behalf Of Christopher Morrow Sent: January 25, 2022 12:38 PM To: David Bass <davidbass570 () gmail com> Cc: <nanog () nanog org> <nanog () nanog org> Subject: Re: Flow collection and analysis On Tue, Jan 25, 2022 at 10:53 AM David Bass <davidbass570 () gmail com <mailto:davidbass570 () gmail com> > wrote: Wondering what others in the small to medium sized networks out there are using these days for netflow data collection, and your opinion on the tool? a question not asked, and answer not provided here, is: "What are you actually trying to do with the netflow?" Answers of the form: "Dos detection and mitigation planning" "Discover peering options/opportunities" "billing customers" "traffic analysis for future network planning" "abuse monitoring/management/investigations" "pretty noc graphs" are helpful.. I'm sure other answers would as well.. but: "how do you collect?" is "with a collector" and isn't super helpful if the collector can't feed into the tooling / infrastructure / long-term goal you have.
Current thread:
- Re: [EXTERNAL] Re: Flow collection and analysis, (continued)
- Re: [EXTERNAL] Re: Flow collection and analysis Eric Kuhnke (Jan 27)
- Re: [EXTERNAL] Re: Flow collection and analysis Mel Beckman (Jan 27)
- Re: [EXTERNAL] Re: Flow collection and analysis Laura Smith via NANOG (Jan 28)
- RE: [EXTERNAL] Re: Flow collection and analysis Jean St-Laurent via NANOG (Jan 28)
- Re: [EXTERNAL] Re: Flow collection and analysis Marcel Mitsuto (Jan 28)
- Message not available
- RE: [EXTERNAL] Re: Flow collection and analysis Laura Smith via NANOG (Jan 28)
- Re: [EXTERNAL] Re: Flow collection and analysis Laura Smith via NANOG (Jan 28)
- Re: [EXTERNAL] Re: Flow collection and analysis Chris Adams (Jan 26)
- Re: [EXTERNAL] Re: Flow collection and analysis Eric Kuhnke (Jan 27)
- Re: [EXTERNAL] Re: Flow collection and analysis John Schiel (Jan 25)