NetFlow v9 collector for ntopng
ntopng is a free/commercial NetFlow/sFlow analysis console suitible for a variety of use cases. However, if you want to collect NetFlow or sFlow data and load that into ntopng you currently have no choice but to spend 199Euro on nProbe which in my case is more expensive than the Ubiquiti USG that I wanted to collect NetFlow stats from.
Hence, I created netflow2ng.
- Make sure you have a recent version of go. I used 1.14.2. Older versions may have problems.
git clone https://github.com/synfinatic/netflow2ng.git
cd netflow2ng
make
- The binary should now be in the
dist
directory. Copy it somewhere appropriate and create the necessary startup script(s).
- Pull the latest docker image
- Use the optional docker-compose.yaml file
- For a list of configuration arguments, run
netflow2ng -h
- Configure your network device(s) to send NetFlow stats to netflow2ng
- Configure your ntopng
service to read from netflow2ng:
ntopng -i tcp://192.168.1.1:5556
where "192.168.1.1" is the IP address of your netflow2ng server.
- Collect NetFlow v9 stats from one or more probes
- Run a ZMQ Publisher for ntopng to collect metrics from
- Prometheus metrics
- NetFlow Templates
netflow2ng utilizes goflow for NetFlow decoding. For more information on what NetFlow fields are supported in netflow2ng, please read the goflow docs.
In theory, adding sFlow/IPFIX/NetFlow v5 support should be pretty trivial, but isn't something I plan on doing due to lack of hardware for testing/need.
- Not 199Euro
- Doesn't support any probe features (sniffing traffic directly)
- Can't write stats to MySQL/disk or act as a NetFlow proxy
- Not tested with lots of probes or on 10Gbit networks
- Targeted for Home/SOHO use.
- No commercial support, etc.
- May not support the latest versions/features of ntopng
- Written in GoLang instead of C/C++