[CentOS] cisco netflow analyzer?
Scott McClanahan
smcclanahan at forterrainc.com
Wed Feb 25 15:25:37 UTC 2009
> >
> > I've been pretty impressed with nfsen. Took a little bit of fiddling to
> > figure out, but lets me drill down into things pretty well.
>
> Seconded. nfsen is awesome. Bit of a learning curve, but extremely
> powerful once you get the hang of it!
>
> You can also use iptables and the ULOG target to generate "flow"
> information from your Linux boxes and send the output to nfsen/nfcapd
> as well!
>
> Ray

I'm not trying to hijack this thread but do you find any significant
overhead involved with using the ULOG target or packet loss in your
statistics? Would you have a ULOG target very early on in your FORWARD
filter to log all packets? Do those packets go to a ulogd instance and
then to disk (rrd to limit disk usage) for nfsen to use?

I'm concerned with losing packets in my current ntop configuration (not
using pf_ring) and am looking at less obtrusive alternatives like gulp
or ulog to first get ALL of the packets and with as little overhead as
possible move that data to a location where analysis can happen using
ntop or nfsen. Thanks.