[c-nsp] looking for a netflow analyzer

[nick.nauwelaerts at thomson.com]

Hello,
We're looking for a somewhat easy to use netflow analyzer. The issue
we're trying to solve it that we have a lot of vpn connections which
include a lot of subnets (some /16's and a lot of /24's) and since
they're vpns we have limited visibility of what goes through them. So,
on the last hop before the vpn tunnel broker we're doing a netflow
export so we can get an idea of what's moving through it.
Now we need an easy to use frontend for this data, preferably something
web based. We've tried flowtools with various web addons, but those
didn't cut it. We tried ntop, it also didn't do what we are looking for.
We also used plixer scrutinizer, who's custom reports were what we were
looking for - regretfully those were limited to only 256 hosts which
doesn't even come close to a /16.

Does anyone have any recommendations or other ways to solve this
problem? We just need a netflow analyzer which allow us to set up groups
of hosts and have a semi realtime idea of what traffic they are
producing. Placing a packeteer box in between the vpn tunnel broker &
router might prove a bit expensive if it's just for visibility.

Thanks.

// nick