I tried rephrasing the question title about five times before arriving at this title.

Does nTop have the "built-in facilities" to process sFlow data so that a graph of source and destination of traffic can be revealed/processed from the .rrd databases?

I have come across some other solutions, specifically nfdump/nfsen, but I cannot find a clear answer to my question.

I'm currently opting to use sFlow over a port span/mirror only to see if it makes sense. I will be monitoring several slow links that will all range below 100Mbps.

mbrownnyc
  • It isn't really clear, are you trying to find if nTop can do this and are going to give up if you can't? Or do you just want rrd's of flows? Which this does, and it's what I use http://www.caida.org/tools/utilities/flowscan/ – polynomial Sep 24 '11 at 01:45
  • Thanks. I am interested in keeping an eye on, per-protocol, traffic that traverses an interface. I discovered nTop, and nfdump+nfsen. I'll check out flowscan as well. Thanks! Regardless, I'm unsure whether the above are the best systems possible to produce what I am interested in. I'd like to be able to drill down into the traffic per-source, destination, protocol, bytes, etc. I think the best thing would really be netwitness investigator, but that's a bit overkill (and scary in its own implied disclosure). – mbrownnyc Sep 26 '11 at 13:23
  • I just keep the raw flow files around for 60-90 days if I need to look at them. I use flow-tools to look at them: http://www.splintered.net/sw/flow-tools/ – polynomial Sep 28 '11 at 14:05