[AusNOG] Best Open-Source Flow analyzer tools

Bill Walker bill at wjw.co.nz
Mon Dec 13 18:16:48 EST 2010



We are looking to replace an ancient NetQoS appliance next year, so I
installed the latest ME NFA and I have to say needing 3 hours worth of
tech support just to get it installed and running is not my idea of a
stable platform. However, at my previous employer, Snap, once it was
running the reports etc were great. The graphical side is the best I've
seen. However be prepared to keep throwing hardware at it.... Given the
choice I would choose it again as for what I generally need it for it's
the frontend that counts. 

Cheers, 

Bill 

On Mon, 13 Dec 2010 14:52:07 +1000, "Sean K. Finn" wrote:

Hi Shaun, 

I have used Manage Engine before, both free and paid, and am not too
impressed with the speed of it; it's just too sluggish and is based on
JAVA too.

It eventually comes up with some nice flows but I need something a
little more robust that won't go into a 45 minute death spiral when a
dataset gets too large.

PMACCT is awesome for sniffing and generating / aggregating / exporting
flows.

I have been looking at PMACCT recently and it looks like it can export
netflow V9 which categorises IPv6 traffic and MPLS Traffic as well as
boring old IPv4.

Being able to use it as the reflector to tag AS's into the path
information is kind of vital for a third party collector, and so far is
the only flow-sniffer / generator / exporter that isn't based on the
equipment where the flows are traversing to generate the flow info.

Step 1 in a Ghetto Flow exporter in my mind is definitely PMACCT, but
then where to export the info to, and how to visualise it is the next
hard part.

I have the choice to code something myself for the flows, but then I
realised I'd rather be fishing, so am looking to rig something up as the
viewer side of things.

Command line is great and all but I'm getting older and smarter (lazier)
and realise that looking at fast moving and self updating graphs is
easier than frantically typing lots of stuff. (And looks great on a
feature wall.)

After a link from another punter off-list, I followed through with some
googling and came up with

http://www.networkuptime.com/tools/netflow/index.html [1]

as a few freebie tools. Not all are open source though.

Flowscan looks like it might do the trick, but might need some updating
to display the RRDs a little nicer.

http://www.networkuptime.com/tools/netflow/flowscan.html [2]

S. 

FROM: Shaun Deans :: Kadeo [mailto:shaun at kadeo.com.au]
SENT: Monday, 13 December 2010 2:09 PM
TO: Sean K. Finn; 'ausnog (ausnog at ausnog.net)'
SUBJECT: RE: Best Open-Source Flow analyzer tools


Sean. 

I have been meaning to cook something up using pmacct [3] for a long
time, but never seem to get there.

This package exposes a [s/net]flow daemon which can aggregate flows via
various metrics.

It also has an option to create a BGP "Route Reflector" setup to work
out BGP next hops etc.

The only issue is that you get out of this what you put into it because
it's all based on custom configs and GUIs / queries.

There are some frontends available.

As for the professional tool, you can't go past the Manage Engine
Netflow Analyser [4]; they have a free version that allows you to graph
to interfaces.

It's quite interesting to throw on an interface for a week and then
watch the trends that develop.

Cheers 

Shaun  

FROM: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] ON BEHALF OF Sean K. Finn
SENT: Monday, 13 December 2010 1:42 PM
TO: 'ausnog (ausnog at ausnog.net)'
SUBJECT: [AusNOG] Best Open-Source Flow analyzer tools

Hi AusNOG. 

I'm looking for recommendations on the best open-source GUI-based
visualisation tools for Flows.

Currently I'm using a paid-for Solar-Winds Flow-viewer that hangs off a
MySQL Database, but runs Java as the web server / portal software. I
think the current revision is called
http://www.solarwinds.com/products/orion/nta/ [5]

It keeps getting clunky, and I keep throwing more hardware at it, but
JAVA is just a pig.

I'm looking for alternatives because I really hate running Java.

My question to list is, what Open-Source alternatives are out there, and
are there any good ones that people have used and can recommend?

I currently use the flow visualiser for dissection of network events
after-the-fact, because it's clunky and slow and takes a little while to
sift through the information.

For live events I have text-based tools that give 1 second resolution
and instant feedback on what's happening *NOW*.

If there are web based or GUI tools out there that can run real-time,
then great, but I'm really after something to show aggregate flows based
on protocols by time of day, etc, all the nice stuff, basically to help
traffic profile and dissect events to understand them better.

Any recommendations?

If there are better paid-for ones out there, let's hear it, too.

Thanks. 

Sean.


(Feel free to reply on list and discuss / dissect).   




Links:
------
[1] http://www.networkuptime.com/tools/netflow/index.html
[2] http://www.networkuptime.com/tools/netflow/flowscan.html
[3] http://www.pmacct.net/
[4] http://www.manageengine.com/products/netflow/index1.html
[5] http://www.solarwinds.com/products/orion/nta/