vFlow :: IPFIX, sFlow and Netflow collector

[freedman at freedman.net (Avi Freedman)]

> "NANOG" <nanog-bounces at nanog.org> wrote on 05/16/2017 03:34:39 PM:

> Nice analysis of the current state of the art.

Thanks; of DIY for store-all approaches, at least :)  

Commercial options is a different thread and I'm conflicted so shouldn't 
try to summarize those...

> > And then, the biggest flow store I know of (1 or 2 carriers may want to 
> argue
> > but I haven't seen theirs) is at DISA for DoD - > a decade of un-sampled 
> flow
> > coming from SiLK.  All stored in hourly un-indexed files, essentially 
> nothing
> > but CLI to access,
> 
> FlowViewer provides a web GUI for invoking SiLK analysis tools. Provides 
> textual and graphical analysis with the ability to track filtered subsets 
> over time. Screenshots, etc.:
> 
> https://sourceforge.net/projects/flowviewer/

Sorry, forgot about flowviewer - I've never seen it in use and asked at a bunch
of Flocons - but it looks updated more recently than I had thought.

On a related topic, I'd love to see NANOGers and general netops and perf-minded
people go to Flocon (put on by CERT, and heavily but not exclusively SiLK- and
security-focused).

Cross-pollination of interests, tools, and techniques will help us all...

> 
> Joe

Thanks,

Avi