[prev in list] [next in list] [prev in thread] [next in thread]
List: inet-access
Subject: netflow tools
From: Jon Lewis <jlewis () lewis ! org>
Date: 2005-05-31 17:49:17
Message-ID: Pine.LNX.4.58.0505311333210.4210 () web1 ! mmaero ! com
[Download RAW message or body]
I'm looking for a newflow analysis tool(s) that can handle netflow data
from several routers with a handful of interfaces each, doing FE to GigE
internet transit.
I need to be able to generate reports, and get data sorted by things like
"top dst <IP|ASN> <bytes|packets>" and "top src <IP|ASN> <bytes|packets>"
in order to both see where traffic is going to / coming from, and also be
able to identify DoS sources and targets. Pretty pictures and easy access
to above mentioned reports via a web interface would be nice. Ability to
generate such reports both for real time (what's happening right now), and
for recently archived past (i.e. what was happening last Tuesday night?)
is a must. Enough documentation to get a working installation without
having to read all the source would be nice.
Years ago, I used the caida cflowd and arts tools...but these are
somewhat dated and appear to be deprecated.
Free would be nice too, but isn't an absolute requirement. Does all the
above easily, is more important.
I spent some time this morning fooling around with Stager, and found its
[incomplete/out of date] documentation frustrating.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
"Eat sushi frequently". - Avi
inet@inet-access.net is the human contact address.
list@inet-access.net is the list posting address.
See below URL for subscribe/unsubscribe and list options:
http://inet-access.net/mailman/listinfo/list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic