[c-nsp] And the best free netflow analyzer is.......

Per Carlson ml at carlson.homeunix.net
Wed Sep 29 11:31:04 EDT 2004 

On 2004-09-29 03:30, Brian Feeny wrote:

> What are the top options for a free, intuitive netflow analysis 
> package?  Something with some nice
> charts and good data.  Mostly for looking at AS traffic levels.  Not 
> just cflowd, but something you have to hack at
> less and results out of with a little less work (Yes in the past I have 
> written a ton of perl scripts to grok
> cflowd stuff, but I am looking for something better).

There was an announcement today of such a tool in the flow-tools mailing 
list. From the announcement:

---

We are proud to announce the public release of our GPL licensed network 
statistics tool Stager. Stager is a system for aggregation and 
presentation of network statistics from the flow-tools package.

More info:
     http://stager.uninett.no

Test the public version of Stager running on our network:
     https://stager.uninett.no

This initial release is a beta release.
_____________
Release notes

Stager is a system for aggregation and presentation of Network 
statistics. Version 1.0 beta is tailored to present NetFlow data 
processed with the flow-tools package. However, the system is generic 
and can be customized to present and process any kind of network 
statistics. Future versions of Stager will be developed with the focus 
on greater generality for other types of measurements.

The Stager backend collect data with flow-tools, and stores reports in a 
PostgreSQL database server. Background routines handle aggregation of 
hourly statistics into day, week and month etc. via cron. A dynamic web 
front-end presents the reports to users. The web front-end can present 
user-selected data in tables, matrix or plots. Multiple time periods 
and/or observation points can be plotted or presented simultaneously for 
convenient comparison of data.

The Stager reports are fully customizable and their view definitions are 
stored in the database. The following reports are provided with Stager 
out-of-the box:
- Destination Interface distribution
- IP Protocol distribution
- IP Type of Service distribution
- IP Source Address
- IP Destination Address
- IP Source/Destination Matrix
- Source AS
- Destination AS
- Source/Destination AS Matrix
- Transport Layer Source Port distribution
- Transport Layer Destination Port distribution
- Summary Report

Stager is based on Perl, PHP and PostgreSQL. The backend may run 
distributed on several hosts, and collect data to one or more database 
servers. Both the backend and the frontend are developed and tested on 
Linux but should run on most UNIX-based operating systems.

-- 

  Espen Breivik & Andreas Åkre Solberg
  Uninett AS


----

Per

More information about the cisco-nsp mailing list