flow-tools + fprobe-ulog vs. nfsen + nfdump + softflowd
>>>>> "IS" == Ivan Shmakov <oneingray@gmail.com> writes:
>>>>> "JM" == Jeroen Massar <jeroen@unfix.org> writes:
[...]
IS> * `flow-tools' and `fprobe-ulog'; (use `nfdump' and `softflowd'
IS> instead? oh well, `nfdump' depends on... `ttf-dejavu'! thanks to
IS> the `librrd4' dependency);
JM> If you require gratuit NetFlow something NFSen/NFdump is the best
JM> you can get,
IS> ?
> $ apt-cache search nfsen
> $
It has a home at [1], and an almost year and a half old ITP [2].
JFTR: NfSen is not a substitute for either `flow-tools' or
`fprobe-ulog', of which the latter is used to collect
``netflows'' out of the passing data, while the former offers a
daemon to collect netflows (`flow-capture'), along with a rich
library of functions to process the collected data.
(Like: selecting all the flows collected every Friday,
between 12:00 and 15:59, from June, 1st through July, 15th;
with a simple Shell script!)
As for the IPv6 support:
* `softflowd' could probably be used instead of `fprobe-ulog';
  + note, however, that the init.d/ script used to start the
    former in Debian (as of 0.9.8-1) doesn't allow multiple
    `softflowd' instances to be started; (but wait, neither does
    the `fprobe-ulog' init.d/ script! congratulations, I've
    just discovered a bug in my router's configuration...);
  + also, the capture method used by `softflowd' (the libpcap
    library) seems to me less efficient (w. r. t. the CPU usage)
    than the one `fprobe-ulog' uses (-j ULOG, iptables(8));
* `nfdump' could replace the `flow-capture' daemon of
  `flow-tools', but is there a replacement for the `flow-tools'
  data processing library?
* as per the homepage [1], `nfsen' does the graphs and web
  pages; these are of less interest to me at this moment.
[1] http://nfsen.sourceforge.net/
[2] http://bugs.debian.org/472666
[...]
--
FSF associate member #7257
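
The "every Friday, between 12:00 and 15:59, from June 1st through July 15th" selection mentioned in the message can be sketched as follows. This is an added example, not part of the original message and not flow-tools code. It assumes capture files are named ft-vNN.YYYY-MM-DD.HHMMSS+ZZZZ; the functions `dow`, `select_flows` and `sample_names` and the sample paths are hypothetical.

```shell
#!/bin/sh
# Added example: pick flow-capture files by weekday, hour and date range,
# using only the timestamp in the file name.
# Assumption: file names follow ft-vNN.YYYY-MM-DD.HHMMSS+ZZZZ.

# Day of week, 0=Sunday ... 5=Friday (Sakamoto's method).
dow() {  # usage: dow YYYY MM DD
    y=$1; m=${2#0}; d=${3#0}
    case $m in
        1) t=0;; 2) t=3;; 3) t=2;; 4) t=5;; 5) t=0;; 6) t=3;;
        7) t=5;; 8) t=1;; 9) t=4;; 10) t=6;; 11) t=2;; 12) t=4;;
    esac
    if [ "$m" -lt 3 ]; then y=$((y - 1)); fi
    echo $(( (y + y/4 - y/100 + y/400 + t + d) % 7 ))
}

# usage: select_flows FROM TO WEEKDAY HOUR_FROM HOUR_TO   (dates as YYYYMMDD)
# Reads file names on stdin, prints those whose name timestamp matches.
select_flows() {
    while IFS= read -r f; do
        base=${f##*/}
        case $base in   # skip in-progress tmp-* files and anything unexpected
            ft-v??.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].[0-9][0-9][0-9][0-9][0-9][0-9][+-]*) ;;
            *) continue ;;
        esac
        stamp=${base#ft-v??.}                 # 2008-06-06.120000+0700
        day=${stamp%%.*}                      # 2008-06-06
        Y=${day%%-*}; D=${day##*-}; M=${day#*-}; M=${M%-*}
        hh=${stamp#*.}; hh=${hh%"${hh#??}"}   # first two digits of HHMMSS
        [ "$Y$M$D" -ge "$1" ] && [ "$Y$M$D" -le "$2" ] || continue
        [ "${hh#0}" -ge "$4" ] && [ "${hh#0}" -le "$5" ] || continue
        [ "$(dow "$Y" "$M" "$D")" -eq "$3" ] || continue
        printf '%s\n' "$f"
    done
}

# Constructed sample names (not taken from a real collector).
sample_names() {
    cat <<'EOF'
flows/2008/2008-05/2008-05-30/ft-v05.2008-05-30.130000+0700
flows/2008/2008-06/2008-06-06/ft-v05.2008-06-06.120000+0700
flows/2008/2008-06/2008-06-06/ft-v05.2008-06-06.154500+0700
flows/2008/2008-06/2008-06-06/ft-v05.2008-06-06.160000+0700
flows/2008/2008-06/2008-06-07/ft-v05.2008-06-07.120000+0700
flows/2008/2008-06/2008-06-13/tmp-v05.2008-06-13.120000+0700
flows/2008/2008-07/2008-07-11/ft-v05.2008-07-11.120000+0700
flows/2008/2008-07/2008-07-18/ft-v05.2008-07-18.120000+0700
EOF
}

# Fridays (5), 12:00-15:59, 1 June through 15 July 2008.
sample_names | select_flows 20080601 20080715 5 12 15
```

On a real collector the name list would come from `find` over the capture directory, and the selected names would be handed to `flow-cat` for further processing.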