[AusNOG] User-Aware Netflow

Matt Perkins matt at spectrum.com.au
Thu Mar 27 12:09:40 EST 2014


Hi Scotty,
  The approach you are taking sounds both interesting and advantageous. 
I know from personal experience that some of the ways we do these things 
have remained unchanged since the 90's and it would be very interesting 
to see a fresh approach with modern big data techniques.

I for one would be interested and I'm sure others would be.

Matt


  On 27/03/14 11:53 AM, Scott O'Brien wrote:
> G'Day Noggers,
>
> Long time loiterer, first time poster here.  At the organisation I've been working at, we've had a requirement to attribute traffic (and the type of traffic) back to a user.  Not being able to find any open source stuff to do this, I decided to build one.
>
> I've been building a tool that makes use of pmacct to put netflow and BGP attributes (namely community and AS Path) into a central message queue (RabbitMQ).  In basic, the tool is basically a set of consumers that listen on a user-auth message exchange and have access to auth history in my MongoDB cluster.   When a flow comes in, I'm able to add the user who had the destination IP address at the time to the netflow record before storing it on my database and increment the appropriate counters in Mongo.  I'm now working on a front-end (in Meteor) that shows information on the traffic and per user usage in near real-time.
>
> There's a little bit of work now to abstract the tools I've built such that it's easy to use for the wider community.  I'm curious, is this style of IP based user-attribution something that people want/need?  How are others tackling this problem? (I know proxies are popular.)  If there's a demand for it, I'll abstract it, clean it up a bit and put it up on GitHub but only if it's an area people have found lacking.  Ideas and suggestions welcome :-)
>
> Cheers,
> - Scotty O'Brien


-- 
/* Matt Perkins
         Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
         Office 1300 133 299     matt at spectrum.com.au
         Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
         SIP 1300137379 at sip.spectrum.com.au
         PGP/GNUPG Public Key can be found at  http://pgp.mit.edu
*/
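
The attribution step Scott describes (tagging each flow with the user who held the destination IP at the time of the flow, then incrementing per-user counters) is sketched below as an added example; it is not code from the thread or from Scott's tool. The in-memory AuthHistory class, the flow field names (ip_dst, ts, bytes), the epoch timestamps and all sample data are assumptions constructed for illustration, standing in for the RabbitMQ and MongoDB pieces.

```python
from bisect import bisect_right
from collections import Counter

class AuthHistory:
    """Hypothetical in-memory stand-in for the auth-history store."""
    def __init__(self):
        self._by_ip = {}  # ip -> [(start, stop, user)], kept sorted by start

    def add_session(self, ip, user, start, stop=None):
        # stop=None means the session is still open
        sessions = self._by_ip.setdefault(ip, [])
        sessions.append((start, stop, user))
        sessions.sort(key=lambda s: s[0])

    def user_at(self, ip, ts):
        """Return the user who held `ip` at time `ts`, or None."""
        sessions = self._by_ip.get(ip, [])
        # Latest session that started at or before the flow timestamp
        i = bisect_right([s[0] for s in sessions], ts) - 1
        if i < 0:
            return None
        _start, stop, user = sessions[i]
        # A flow seen after logout must not be charged to the previous holder
        if stop is not None and ts >= stop:
            return None
        return user

def attribute(flows, history):
    """Tag each flow with a user and total bytes per user."""
    usage = Counter()
    enriched = []
    for flow in flows:
        # Look up by the flow's own timestamp, not the processing time,
        # so queue delay cannot shift traffic onto a later holder of the IP
        user = history.user_at(flow["ip_dst"], flow["ts"])
        enriched.append({**flow, "user": user})
        usage[user or "unattributed"] += flow["bytes"]
    return enriched, usage

# Constructed sample data: one address reassigned from alice to bob
HISTORY = AuthHistory()
HISTORY.add_session("10.0.0.5", "alice", 1000, 2000)
HISTORY.add_session("10.0.0.5", "bob", 2500)
FLOWS = [
    {"ip_dst": "10.0.0.5", "ts": 1500, "bytes": 400},  # alice's session
    {"ip_dst": "10.0.0.5", "ts": 2200, "bytes": 150},  # gap between sessions
    {"ip_dst": "10.0.0.5", "ts": 3000, "bytes": 900},  # bob's open session
    {"ip_dst": "10.0.0.9", "ts": 1500, "bytes": 70},   # address never seen
]

if __name__ == "__main__":
    print(attribute(FLOWS, HISTORY)[1])
```

Flows that fall in a gap between sessions, or on an address with no auth record, land in a separate "unattributed" bucket rather than being charged to the nearest user.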


