FreeBSD has source for ntop, nfsen, and softflowd. It appears that ntop and nfsen each have their own private file layout. I'm still looking at softflowd, but my first impression is that its output is datagrams headed for a collector which would in turn write it to disk - probably in its own private format.
I had hoped to avoid the overhead of sending the data in NetFlow packets to a separate collector.
Point is that I've already got the data exported from the router. Now I'm trying to write it to disk in a format that one of the analysis packages will cope with. The two file formats I've looked at seem obscure. - Brian
On Sun, May 21, 2017 at 11:37:28AM -0400, lleachii--- via 44Net wrote:
(Please trim inclusions from previous messages) _______________________________________________ I like ntop; but the version available through most OEes is the old version (the old version did not have a integrated database/save feature). The new version (I believe) requires a paid license.
I use nfsen on my collector, the router dumps in netflow v5 - using the softflowd software packaged with LEDE.
I'll search for a 'white paper' on the format/syntax of the output data.
- Lynwood
KB3VWG
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net