Brian,
Yes, that's correct; I extract the data from my PHYs using software
that outputs in NetFlow version 9.
There may be software that does an all-in-one; but I've never seen one
implemented; except in devices that integrate/render a GUI and/or its
own datastore for the flow data (e.g. Palo Alto, I also believe the new
Cisco NetFire product will also do something similar to this).
They also have the feature to read/save in pcap. Nfsen is a GUI for
a backend that saves in that format.
In terms of a NetFlow architecture:
My NetFlow Exporter - LEDE device running softflowd in -v 9 mode
Collector - nfsen on a Linux Server
Flow Storage - pcap files processed using nfsen on the same server
Analysis Console - HTTP client browses to nfsen GUI
- KB3VWG
I think nfsen (and softflowd) can read a previously-captured pcap file,
derive flow data from the captured packets, and turn it into Cisco
netflow packets to send to a collector.