On 05/21/2017 08:47 AM, Brian Kantor wrote:
> FreeBSD has source for ntop, nfsen, and softflowd. It appears that
> ntop and nfsen each have their own private file layout. I'm still
> looking at softflowd, but my first impression is that its output
> is datagrams headed for a collector which would in turn write it
> to disk - probably in its own private format.
> I had hoped to avoid the overhead of sending the data in NetFlow
> packets to a separate collector.
> Point is that I've already got the data exported from the router.
> Now I'm trying to write it to disk in a format that one of the
> analysis packages will cope with. The two file formats I've
> looked at seem obscure.
> - Brian
Brian,
Try Graylog. It has a NetFlow (v5) collector that you can use to send
the data to it and then analyze it. Plus, with the Elasticsearch back
end, you can then also use tools like Kibana to really dig down into the
data for analysis.
-Stacy