[AusNOG] Best Open-Source Flow analyzer tools

Shaun Deans :: Kadeo shaun at kadeo.com.au
Mon Dec 13 15:09:14 EST 2010 

Sean.

I have been meaning to cook something up using pmacct<http://www.pmacct.net/> for a long time, but never seem to get there.
This package exposes a [s/net]flow daemon which can aggregate flows via various metrics.
It also has an option to create a BGP "Route Reflector" setup to work out BGP next hops etc.
The only issue is that you get out of this what you put into it because its all based on custom configs  and gui's / queries.
There are some frontends available.


As for the professional tool you can't go past the Manage Engine Netflow Analyser <http://www.manageengine.com/products/netflow/index1.html>  they have a free version that allows you to graph to interfaces.
Its quite interesting to throw on an interface for a week and then watch the trends that develop.

Cheers

Shaun



From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Sean K. Finn
Sent: Monday, 13 December 2010 1:42 PM
To: 'ausnog (ausnog at ausnog.net)'
Subject: [AusNOG] Best Open-Source Flow analyzer tools

Hi AusNOG.

I'm looking for recommendations on the best open-source gui based visualisation tools for Flows.

Currently I'm using a paid-for Solar-Winds Flow-viewer that hangs off a MySQL Database, but runs Java as the web server / portal software. I think the current revision is called http://www.solarwinds.com/products/orion/nta/

It keeps getting clunky, and I keep throwing more hardware at it, but JAVA is just a pig.
I'm looking for alternatives because I really hate running Java.

My question to list is, what Open-Source alternatives are out there, and are there any good ones that people have used and can recommend?

I currently use the flow visualiser for dissection of network events after-the-fact, because its clunky and slow and takes a little while to sift through the information.

For live events I have text-based tools that give 1 second resolution and instant feedback on whats happening *now*.

If there are web based or gui tools out there that can run real-time, then great, but I'm really after something to show aggregate flows based on protocols by time of day, etc, all the nice stuff, basically to help traffic profile and dissect events to understand them better.

Any recommendations?
If there are better paid-for ones out there, lets hear it, too.

Thanks.

Sean.
(Feel free to reply on list and discuss / dissect).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20101213/281299b3/attachment.html>

More information about the AusNOG mailing list