On Sun, Dec 06, 2009 at 06:23:01PM -0500, Jake wrote:
> On Sun, Dec 6, 2009 at 5:53 PM, Ray Van Dolson <rayvd at bludgeon.org> wrote:
>
> > OP wants nfdump[1]. Great tool. The web front-end is called nfsen and is
> > a separate package.
> >
> > Ray
> >
> > [1] http://nfdump.sourceforge.net/
> >
>
> Needs, but maybe not "wants." :-P
>
> I used to be in love with ntop, but it has shown to be very unstable in the
> last few years (memory leaks, crashing, etc. for version in fedora-epel as
> well as latest stable and latest svn checkout..) Ntop is what you want (at
> least close to what you want the interface to look like) but I have yet to
> find any good netflow analyser that blows my skirt up after having sampled
> ntop (stability issues), solarwinds realtime netflow analyser (unknown
> reliability, plus only meant for live troubleshooting, not trending),
> solarwinds orion netflow module (too cumbersome to navigate to find simple
> answers like "what was on the wire during a certain time frame"), and the
> cisco network analysis module for the 6500 (maybe the best I've seen even if
> its interface is ugly as hell.) If anyone has had a good experience with
> something user-friendly on the reporting side at least, I'd be thrilled to
> hear about it.
>
> nfdump/nfsen does look like it could hold some value but I haven't evaluated
> it yet.

Both definitely fill their niche (actually I believe ntop can handle
netflow data), but nfdump is much more appropriate (IMO) for colo/billing
type situations. Just saves data to simple files which can be parsed and
easily imported into a DB. No need for a heavy-weight full-on packet
capture system.

Ray