[CentOS] netflow collection and analysis

Jake jakepaulus at gmail.com
Sun Dec 6 23:23:01 UTC 2009


On Sun, Dec 6, 2009 at 5:53 PM, Ray Van Dolson <rayvd at bludgeon.org> wrote:

> OP wants nfdump[1].  Great tool.  The web front-end is called nfsen and is
> a separate package.
>
> Ray
>
> [1] http://nfdump.sourceforge.net/
>


Needs, but maybe not "wants." :-P

I used to be in love with ntop, but it has shown to be very unstable in the
last few years (memory leaks, crashing, etc. for the version in fedora-epel as
well as latest stable and latest svn checkout). Ntop is what you want (at
least close to what you want the interface to look like) but I have yet to
find any good netflow analyser that blows my skirt up after having sampled
ntop (stability issues), SolarWinds realtime netflow analyser (unknown
reliability, plus only meant for live troubleshooting, not trending),
SolarWinds Orion netflow module (too cumbersome to navigate to find simple
answers like "what was on the wire during a certain time frame"), and the
Cisco network analysis module for the 6500 (maybe the best I've seen even if
its interface is ugly as hell). If anyone has had a good experience with
something user-friendly on the reporting side at least, I'd be thrilled to
hear about it.

nfdump/nfsen does look like it could hold some value but I haven't evaluated
it yet.

-- 
Jake Paulus
JakePaulus at gmail.com