[AusNOG] Best Open-Source Flow analyzer tools
Curtis Raams
craams at staff.ains.net.au
Mon Dec 13 21:07:59 EST 2010
Hi Bill,
I use a cluster of ManageEngine Netflow within VMWare and find them to be the most resource intensive, but absolutely perfect for end customer use and in-depth QoS reporting etc.
I would highly recommend it if you have the ability to cluster them up, or a very large server.
But then we do combine ours with ME Opmanager for general network monitoring. We find this a great tool especially when providing our clients with their own dedicated logins that will present them a network map of their MPLS/VPLS networks with automated integrated Netflow.
Curtis Raams
Level 6, 140 Queen St. Melbourne Victoria 3000
T: 03 8665 8305 F: 03 9945 7502 M: 0466 858 180
E: craams at staff.ains.net.au W: www.ains.com.au
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Bill Walker
Sent: Monday, 13 December 2010 6:17 PM
To: ausnog (ausnog at ausnog.net)
Subject: Re: [AusNOG] Best Open-Source Flow analyzer tools
We are looking to replace an ancient NetQoS appliance next year, so I installed the latest ME NFA and I have to say needing 3 hours' worth of tech support just to get it installed and running is not my idea of a stable platform. However, at my previous employer, Snap, once it was running the reports etc. were great. The graphical side is the best I've seen. However, be prepared to keep throwing hardware at it.... Given the choice I would choose it again, as for what I generally need it for it's the frontend that counts.
Cheers,
Bill
On Mon, 13 Dec 2010 14:52:07 +1000, "Sean K. Finn" <sean.finn at ozservers.com.au> wrote:
Hi Shaun,
I have used Manage Engine before, both free and paid, and am not too impressed with the speed of it; it’s just too sluggish and is based on JAVA too.
It eventually comes up with some nice flows but I need something a little more robust that won’t go into a 45 minute death spiral when a dataset gets too large.
PMACCT is awesome for sniffing and generating / aggregating / exporting flows.
I have been looking at PMACCT recently and it looks like it can export netflow V9 which categorises IPv6 traffic and MPLS Traffic as well as boring old IPv4.
Being able to use it as the reflector to tag AS’s into the path information is kind of vital for a third party collector, and so far is the only flow-sniffer/generator / exporter that isn’t based on the equipment where the flows are traversing to generate the flow info.
Step 1 in a Ghetto Flow exporter in my mind is Definitely PMACCT, but then where to export the info to, and how to visualise it is the next hard part.
I have the choice to code something myself for the flows, but then I realised I’d rather be fishing, so am looking to rig something up as the viewer side of things.
Command line is great and all but I’m getting older and smarter (lazier) and realise that looking at fast moving and self updating graphs is easier than frantically typing lots of stuff. (And looks great on a feature wall).
After a link from another punter off-list, I followed through with some googling and came up with
http://www.networkuptime.com/tools/netflow/index.html
as a few freebie tools. Not all are open source though.
Flowscan looks like it might do the trick, but might need some updating to display the RRD’s a little nicer.
http://www.networkuptime.com/tools/netflow/flowscan.html
S.
From: Shaun Deans :: Kadeo [mailto:shaun at kadeo.com.au]
Sent: Monday, 13 December 2010 2:09 PM
To: Sean K. Finn; 'ausnog (ausnog at ausnog.net)'
Subject: RE: Best Open-Source Flow analyzer tools
Sean.
I have been meaning to cook something up using pmacct <http://www.pmacct.net/> for a long time, but never seem to get there.
This package exposes a [s/net]flow daemon which can aggregate flows via various metrics.
It also has an option to create a BGP “Route Reflector” setup to work out BGP next hops etc.
The only issue is that you get out of this what you put into it because it’s all based on custom configs and GUIs / queries.
There are some frontends available.
As for the professional tool, you can’t go past the Manage Engine Netflow Analyser <http://www.manageengine.com/products/netflow/index1.html>; they have a free version that allows you to graph to interfaces.
It’s quite interesting to throw on an interface for a week and then watch the trends that develop.
Cheers
Shaun
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Sean K. Finn
Sent: Monday, 13 December 2010 1:42 PM
To: 'ausnog (ausnog at ausnog.net)'
Subject: [AusNOG] Best Open-Source Flow analyzer tools
Hi AusNOG.
I’m looking for recommendations on the best open-source gui based visualisation tools for Flows.
Currently I’m using a paid-for Solar-Winds Flow-viewer that hangs off a MySQL Database, but runs Java as the web server / portal software. I think the current revision is called http://www.solarwinds.com/products/orion/nta/
It keeps getting clunky, and I keep throwing more hardware at it, but JAVA is just a pig.
I’m looking for alternatives because I really hate running Java.
My question to list is, what Open-Source alternatives are out there, and are there any good ones that people have used and can recommend?
I currently use the flow visualiser for dissection of network events after-the-fact, because it’s clunky and slow and takes a little while to sift through the information.
For live events I have text-based tools that give 1 second resolution and instant feedback on what’s happening *now*.
If there are web based or gui tools out there that can run real-time, then great, but I’m really after something to show aggregate flows based on protocols by time of day, etc, all the nice stuff, basically to help traffic profile and dissect events to understand them better.
Any recommendations?
If there are better paid-for ones out there, let’s hear it, too.
Thanks.
Sean.
(Feel free to reply on list and discuss / dissect).