Thanks, I'll check that out. - Brian
On Wed, May 24, 2017 at 08:41:47PM -0700, Stacy wrote:
On 05/21/2017 08:47 AM, Brian Kantor wrote:
FreeBSD has source for ntop, nfsen, and softflowd. It appears that ntop and nfsen each have their own private file layout. I'm still looking at softflowd, but my first impression is that its output is datagrams headed for a collector which would in turn write it to disk - probably in its own private format.
I had hoped to avoid the overhead of sending the data in NetFlow packets to a separate collector.
Point is that I've already got the data exported from the router. Now I'm trying to write it to disk in a format that one of the analysis packages will cope with. The two file formats I've looked at seem obscure.
- Brian
Brian, Try Graylog. It has a netflow (v5) collector that you can use to send the data to it and then analyze it. Plus, with the elasticsearch back end, you can then also use tools like Kibana to really dig down into the data for analysis.
-Stacy
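As an added example that is not part of this thread, the following decoder shows what a NetFlow v5 collector such as Graylog's actually receives from the router: it parses the standard 24-byte header and 48-byte records, rejects malformed datagrams, and writes the flows out as JSON lines, a plain file format most analysis tools can ingest. The sample datagram is constructed inline and is not a real capture.

```python
import json
import socket
import struct

# NetFlow v5 wire layout (network byte order): a 24-byte header followed by
# `count` fixed 48-byte flow records. Field order follows Cisco's v5 spec.
HEADER_FMT = "!HHIIIIBBH"
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)  # 48


def parse_netflow_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    # Reject non-v5 or truncated input instead of mis-parsing it: the header's
    # record count is untrusted and must be bounded by the actual payload.
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than v5 header")
    (version, count, uptime, unix_secs, _nsecs, seq,
     _etype, _eid, _sampling) = struct.unpack_from(HEADER_FMT, datagram)
    if version != 5:
        raise ValueError("unsupported NetFlow version %d" % version)
    if len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("datagram truncated: header count exceeds payload")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _inif, _outif, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _sas, _das,
         _smask, _dmask, _pad2) = struct.unpack_from(
            RECORD_FMT, datagram, HEADER_LEN + i * RECORD_LEN)
        flows.append({
            "sequence": seq + i, "export_time": unix_secs,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto,
            "packets": pkts, "bytes": octets, "tcp_flags": tcp_flags,
            # first/last are router uptime in ms; convert to epoch seconds
            "start": unix_secs - (uptime - first) / 1000.0,
            "end": unix_secs - (uptime - last) / 1000.0,
        })
    return flows


def to_jsonl(flows):
    """One JSON object per line: a plain on-disk format most analysis tools read."""
    return "\n".join(json.dumps(f, sort_keys=True) for f in flows)


# Constructed sample datagram (not a real capture): v5 header plus one TCP flow.
SAMPLE = struct.pack(HEADER_FMT, 5, 1, 100000, 1495680000, 0, 42, 0, 0, 0) + struct.pack(
    RECORD_FMT, bytes([10, 0, 0, 1]), bytes([192, 0, 2, 10]), bytes(4),
    1, 2, 10, 1500, 90000, 99000, 54321, 22, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
```

Feeding UDP payloads from the exporter's destination port through `parse_netflow_v5` and appending `to_jsonl(...)` to a file gives a flat, documented on-disk format without running a separate collector.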