[clug] Traffic monitoring with Netflow
Bob Edwards
bob at cs.anu.edu.au
Mon Aug 5 03:23:54 UTC 2019
On 5/8/19 1:19 pm, Alastair D'Silva via linux wrote:
> Hey folks,
>
> I've been tinkering with Netflow to log traffic in & out of my home
> network, and it looks like there isn't really good open source analysis
> tools other than Ntopng:
> https://www.ntop.org/products/traffic-analysis/ntop/
>
> Unfortunately, it can't ingest Netflow directly, but instead uses a
> payware package (Nprobe) to encapsulate the information into JSON over
> ZeroMQ.
>
> Since this is a fairly trivial format to work with, I submitted patches
> to softflowd (https://github.com/irino/softflowd) to generate
> compatible messages for ntopng, so now you can have a nice analyser
> without any payware components.
>
> Softflowd can be a bit of a CPU hog though, since it uses BPFs to snoop
> on all the data for a particular interface. The next thing to do would
> be to make use of the Netfilter connection tracking data to generate
> messages to ntopng. Here's a similar package that already generates
> Netflow data from that, in case anyone wants to have a crack themselves
> (I'm unlikely to get time to do it for a while):
> https://metacpan.org/pod/nfflowd
> Cheers,
>
>
Great work, Alastair. And +1 for submitting a patch!
cheers,
Bob Edwards.
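As an added example (not code from softflowd, nfflowd or ntopng, and not posted by anyone in the thread), here is the conntrack-based approach Alastair sketches above: instead of snooping every packet with a BPF filter, read the flow table the kernel already keeps. The code parses the text format of /proc/net/nf_conntrack, emits one JSON object per flow, and diffs two snapshots so a poller can export per-interval counts. The JSON key names (src_addr, in_bytes and so on) are an assumption for illustration; the thread does not give the schema ntopng expects from nProbe/softflowd. The conntrack file format itself and the net.netfilter.nf_conntrack_acct sysctl are real. The sample table is constructed, not captured from a host.

```python
import json
import re

# Constructed /proc/net/nf_conntrack sample (not a real capture). The packets=/bytes=
# counters only appear when net.netfilter.nf_conntrack_acct=1; TCP lines carry a
# state word, UDP lines do not; [UNREPLIED] sits between the two tuples, [ASSURED] after.
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51234 dport=443 packets=12 bytes=1520 src=198.51.100.7 dst=192.168.1.10 sport=443 dport=51234 packets=10 bytes=6300 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=192.168.1.10 dst=192.0.2.53 sport=40000 dport=53 packets=1 bytes=60 src=192.0.2.53 dst=192.168.1.10 sport=53 dport=40000 packets=1 bytes=120 mark=0 zone=0 use=2
ipv4     2 tcp      6 110 SYN_SENT src=192.168.1.10 dst=203.0.113.9 sport=51300 dport=22 packets=1 bytes=60 [UNREPLIED] src=203.0.113.9 dst=192.168.1.10 sport=22 dport=51300 packets=0 bytes=0 mark=0 zone=0 use=2
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
# Keys that belong to a per-direction tuple; mark=/zone=/use= are entry-wide and skipped.
TUPLE_KEYS = {"src", "dst", "sport", "dport", "packets", "bytes", "type", "code", "id"}


def parse_conntrack_line(line):
    """Parse one nf_conntrack line into a flow dict; None for blank or malformed lines."""
    fields = line.split()
    if len(fields) < 5:
        return None
    l3proto, _l3num, _l4proto, l4num, timeout = fields[:5]
    rest = fields[5:]
    state = None
    if rest and "=" not in rest[0] and not rest[0].startswith("["):
        state = rest.pop(0)              # e.g. ESTABLISHED, SYN_SENT (TCP only)
    dirs = [{}, {}]                      # [0] original direction, [1] reply direction
    flags, cur = [], -1
    for tok in rest:
        if tok.startswith("[") and tok.endswith("]"):
            flags.append(tok[1:-1])
            continue
        m = KV_RE.fullmatch(tok)
        if not m:
            continue
        key, val = m.groups()
        if key == "src":                 # every tuple starts with src=; the second is the reply
            cur += 1
        if 0 <= cur < 2 and key in TUPLE_KEYS:
            dirs[cur][key] = val
    orig, reply = dirs
    if "src" not in orig or "src" not in reply:
        return None
    acct = "packets" in orig and "packets" in reply
    return {
        "l3_proto": l3proto,
        "protocol": int(l4num),
        "src_addr": orig["src"],
        "dst_addr": orig["dst"],
        "src_port": int(orig.get("sport", 0)),   # ICMP has type/code instead of ports
        "dst_port": int(orig.get("dport", 0)),
        # None (not 0) when accounting is off, so a consumer can tell "no data" from "idle".
        "in_pkts": int(orig["packets"]) if acct else None,
        "in_bytes": int(orig["bytes"]) if acct else None,
        "out_pkts": int(reply["packets"]) if acct else None,
        "out_bytes": int(reply["bytes"]) if acct else None,
        "state": state,
        "timeout": int(timeout),
        "assured": "ASSURED" in flags,
        "unreplied": "UNREPLIED" in flags,
    }


def flow_key(flow):
    """5-tuple identifying a conntrack entry across snapshots."""
    return (flow["protocol"], flow["src_addr"], flow["src_port"], flow["dst_addr"], flow["dst_port"])


def parse_conntrack_table(text):
    """Parse a whole table dump into {5-tuple: flow}."""
    flows = {}
    for line in text.splitlines():
        flow = parse_conntrack_line(line)
        if flow is not None:
            flows[flow_key(flow)] = flow
    return flows


def counter_deltas(prev, curr):
    """Per-interval traffic between two snapshots.

    conntrack counters are cumulative for the life of a connection, so a poller
    must subtract the previous reading to get NetFlow-like interval records.
    Flows new since `prev` count in full; flows that expired between polls are
    simply gone, which is why a real exporter also consumes DESTROY events.
    """
    deltas = []
    for key, flow in curr.items():
        if flow["in_pkts"] is None:
            continue                     # accounting disabled: nothing to export
        old = prev.get(key)
        d = dict(flow)
        for f in ("in_pkts", "in_bytes", "out_pkts", "out_bytes"):
            d[f] = flow[f] - (old[f] if old and old[f] is not None else 0)
        if d["in_pkts"] or d["out_pkts"]:
            deltas.append(d)
    return deltas


def to_json_lines(flows):
    """One JSON object per line, the shape a ZeroMQ publisher would hand to a collector."""
    return [json.dumps(f, sort_keys=True) for f in flows]


if __name__ == "__main__":
    for line in to_json_lines(parse_conntrack_table(SAMPLE_CONNTRACK).values()):
        print(line)
```

To run it against a live box, feed it `cat /proc/net/nf_conntrack` (root, nf_conntrack loaded) after `sysctl -w net.netfilter.nf_conntrack_acct=1`; without the sysctl every counter comes back None and counter_deltas exports nothing. Polling the table misses the final bytes of connections that expire between polls, so an exporter that has to account for every byte should additionally listen to `conntrack -E -e DESTROY` from conntrack-tools, which reports each entry's final counters as it is removed.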