Open source or free netflow monitoring

paul-d · ‎09-05-2009

Hi

I have 7 6500 series running in hybrid mode.

I am currently evaluating a commercial netflow analyser but with the current eco climate I wondered whether anyone had experience of a free or open source alternative ?

I have tried a couple but they dont seem to collect all the data I think I should get.

The catos on my 6500s are older and disparate versions and I dont seem able to coerce them into exporting version 5 flows some of them seem to only want to do version 7.

I have looked at scrutiniser aswell which will only retain data for 24 hours, in addition there is the quandry of using a free version of a commercial software which isnt really on for me as I work for a uk government agency.

cheers

Paul

Jan Nejman · ‎09-06-2009

Hi Paul,

I think that NetFlow version 7 is not problem for most of netflow analyzers. 99% of all supports version 5, 7 and 9. In the version 5 and 7 you can get a static list of fields - more information you cannot get, because it is a static format. You can check the fields on the: http://netflow.caligare.com/netflow_format.htm

But you have right, that some analyzers don't report all fields (but usually you need only IP addresses, ports ...). Which information do you need to see?

On 6500 in hybrid mode, you need to configure netflow on both parts (MSFC and supervisor)... see netflow pages for configuration.

I'm working for a Caligare company. So I can offer you our product Caligare Flow Inspector (http://www.caligare.com), or I can recommend you other free tools (for example nfsen or ntop), but I think that they doesn't met all your requirements.

Feel free to contact me with any question.

Kind regards,

Jan