Xenoeye Netflow Collector Published

The Xenoeye Netflow collector has been published. It collects traffic flow statistics exported by network devices over the Netflow v9 and IPFIX protocols, processes the data, generates reports, and builds graphs. In addition, the collector can run custom scripts when traffic thresholds are exceeded. The core of the project is written in C; the code is distributed under the ISC license.

Collector features:

  • Data aggregated by the required Netflow fields is exported to PostgreSQL; pre-aggregation takes place inside the collector.
  • Only the basic set of Netflow fields is supported out of the box, but almost any field can be added.
  • Depending on the nature of the traffic and the reports, the collector's throughput can reach several hundred thousand flows per second on a single CPU. Load is distributed one device (router) per thread.
  • The collector uses moving averages to detect traffic threshold overruns.
  • The collector can be used to find infected hosts (hosts sending email spam, HTTP(S) floods, SSH scanners) and to detect DoS/DDoS attack spikes.
  • Network reports can be visualized with various tools: gnuplot, Python + Matplotlib scripts, Grafana.
  • Unlike many modern collectors, the project does not use Apache Kafka, Elastic, etc.; the main calculations take place inside the collector itself.
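The moving-average threshold check described above, as an added example in C that is not Xenoeye's own code: it shows why averaging over a window fires an action once on a sustained flood but not on a one-second spike. WINDOW, the thresholds and the per-second traffic traces are assumptions constructed for the example.

```c
#include <stdint.h>
#include <string.h>
/* Added example, not Xenoeye code: a per-device moving-average detector over
 * per-second byte counts. WINDOW and the thresholds below are assumptions. */
#define WINDOW 5                 /* one-second samples in the moving average */
struct ma_detector {
    uint64_t samples[WINDOW];    /* ring buffer of recent byte counts */
    uint64_t sum;                /* running sum, so no rescan per sample */
    uint64_t threshold;          /* bytes/s above which the device is "over" */
    int pos, filled, over;       /* next slot, slots in use, current state */
};

void ma_init(struct ma_detector *d, uint64_t threshold) { memset(d, 0, sizeof *d); d->threshold = threshold; }

/* Feed one second of bytes. Returns 1 only on the transition from normal to
 * over-threshold, so a caller fires its script once per overrun, not every second. */
int ma_feed(struct ma_detector *d, uint64_t bytes) {
    d->sum -= d->samples[d->pos];           /* drop the sample leaving the window */
    d->samples[d->pos] = bytes;
    d->sum += bytes;
    d->pos = (d->pos + 1) % WINDOW;
    if (d->filled < WINDOW) d->filled++;
    int was_over = d->over;
    d->over = (d->sum / d->filled) > d->threshold;
    return d->over && !was_over;
}

/* Replay a constructed trace and count how many times an action would fire. */
static int replay(const uint64_t *trace, size_t n, uint64_t threshold) {
    struct ma_detector d;
    int fired = 0;
    ma_init(&d, threshold);
    for (size_t i = 0; i < n; i++)
        if (ma_feed(&d, trace[i])) fired++;
    return fired;
}

/* Sustained flood: 5 s at ~1 KB/s, 5 s at ~55 KB/s, 5 s back to normal. */
int demo_sustained_flood(void) {
    static const uint64_t t[] = { 1000, 1200, 900, 1100, 1000,
                                  50000, 60000, 55000, 58000, 60000,
                                  1000, 1000, 1000, 1000, 1000 };
    return replay(t, sizeof t / sizeof t[0], 10000);   /* fires exactly once */
}
/* One-second spike: averaging smooths it below the threshold, no action. */
int demo_single_spike(void) {
    static const uint64_t t[] = { 1000, 1000, 1000, 1000, 30000, 1000, 1000 };
    return replay(t, sizeof t / sizeof t[0], 10000);   /* fires zero times */
}
```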

Source: opennet.ru