Thanks, I'll check that out.
- Brian
On Wed, May 24, 2017 at 08:41:47PM -0700, Stacy wrote:
On 05/21/2017 08:47 AM, Brian Kantor wrote:
FreeBSD has source for ntop, nfsen, and softflowd. It appears that
ntop and nfsen each have their own private file layout. I'm still
looking at softflowd, but my first impression is that its output
is datagrams headed for a collector which would in turn write it
to disk - probably in its own private format.
I had hoped to avoid the overhead of sending the data in NetFlow
packets to a separate collector.
Point is that I've already got the data exported from the router.
Now I'm trying to write it to disk in a format that one of the
analysis packages will cope with. The two file formats I've
looked at seem obscure.
- Brian
Brian,
Try Graylog. It has a NetFlow (v5) collector that you can use to send the
data to it and then analyze it. Plus, with the Elasticsearch back end, you
can then also use tools like Kibana to really dig down into the data for
analysis.
-Stacy