netflow2ng

NetFlow v9 collector for ntopng

Primary language: Go. License: MIT.

TL;DR

ntopng is a free/commercial NetFlow/sFlow analysis console suitable for a variety of use cases. However, if you want to collect NetFlow or sFlow data and load it into ntopng, you currently have no choice but to spend 199 Euro on nProbe, which in my case is more expensive than the Ubiquiti USG that I wanted to collect NetFlow stats from.

Hence, I created netflow2ng.

Installing

Build From Source

  1. Make sure you have a recent version of Go. I used 1.14.2. Older versions may have problems.
  2. git clone https://github.com/synfinatic/netflow2ng.git
  3. cd netflow2ng
  4. make
  5. The binary should now be in the dist directory. Copy it somewhere appropriate and create the necessary startup script(s).

Install via Docker

  1. Pull the latest Docker image
  2. Use the optional docker-compose.yaml file

Configuration

  1. For a list of configuration arguments, run netflow2ng -h
  2. Configure your network device(s) to send NetFlow stats to netflow2ng
  3. Configure your ntopng service to read from netflow2ng: ntopng -i tcp://192.168.1.1:5556 where "192.168.1.1" is the IP address of your netflow2ng server.

Features

  • Collect NetFlow v9 stats from one or more probes
  • Run a ZMQ Publisher for ntopng to collect metrics from
  • Prometheus metrics
  • NetFlow Templates

NetFlow v9 Support

netflow2ng utilizes goflow for NetFlow decoding. For more information on what NetFlow fields are supported in netflow2ng, please read the goflow docs.
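As an added illustration of why template support matters (this is not code from netflow2ng or goflow): a NetFlow v9 data flowset can only be decoded once the exporter's template for it has arrived, and because the collector parses unauthenticated UDP input, every length field has to be bounds-checked before it is used. The function name scanV9 and the sample datagram are assumptions made for this example; the layout follows RFC 3954.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var u16 = binary.BigEndian.Uint16
var errBad = errors.New("malformed NetFlow v9 packet")

// scanV9 records template record lengths in tmpl and returns data flowset IDs lacking a template.
func scanV9(pkt []byte, tmpl map[uint16]int) (pending []uint16, err error) {
	if len(pkt) < 20 || u16(pkt) != 9 { // 20-byte header, version field must be 9
		return nil, errBad
	}
	for off := 20; off < len(pkt); {
		rest := pkt[off:]
		if len(rest) < 4 || u16(rest[2:]) < 4 || int(u16(rest[2:])) > len(rest) {
			return pending, errBad // flowset length is sender-controlled
		}
		id, n := u16(rest), int(u16(rest[2:]))
		body := rest[4:n]
		switch {
		case id == 0: // template flowset: template ID, field count, (type, length) pairs
			for len(body) >= 4 {
				tid, fields := u16(body), int(u16(body[2:]))
				if len(body) < 4+4*fields {
					return pending, errBad
				}
				size := 0
				for i := 0; i < fields; i++ {
					size += int(u16(body[4+4*i+2:])) // length of field i
				}
				tmpl[tid] = size
				body = body[4+4*fields:]
			}
		case id >= 256 && tmpl[id] == 0: // data flowset with no usable template
			pending = append(pending, id)
		}
		off += n
	}
	return pending, nil
}

func main() {
	// Constructed datagram: v9 header plus data flowset 260, sent before any template.
	pkt := append([]byte{0, 9, 19: 0}, 0x01, 0x04, 0, 8, 10, 0, 0, 1)
	fmt.Println(scanV9(pkt, map[uint16]int{}))
}
```

A flowset ID returned as pending means its records have to be dropped or buffered until the exporter resends its templates.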

sFlow/IPFIX/etc support?

In theory, adding sFlow/IPFIX/NetFlow v5 support should be pretty trivial, but isn't something I plan on doing due to lack of hardware for testing/need.

How is netflow2ng different from nProbe?

  • Not 199 Euro
  • Doesn't support any probe features (sniffing traffic directly)
  • Can't write stats to MySQL/disk or act as a NetFlow proxy
  • Not tested with lots of probes or on 10Gbit networks
  • Targeted for Home/SOHO use.
  • No commercial support, etc.
  • May not support the latest versions/features of ntopng
  • Written in GoLang instead of C/C++