[Part of the series of blog postings on Netflow]
A lightweight Netflow collector and web display based on NFSEN/NFDUMP in a Docker container. NFSEN and NFDUMP are documented and hosted at SourceForge.net
This container listens on ports 2055, 4739, 6343, and 9666 for netflow, ipfix, and sFlow exports. It displays the collected data in a web interface.
Check the Github repo. The files from the /docs
directory have more info. Major thanks go to https://github.com/nerdalert/nfsen-dockerized
for a start on this Dockerfile and all the supporting documentation.
Pros:
- Pretty graphs, for varying time periods: daily, weekly, monthly, yearly.
- View data from a specific time period by going to Details, then dragging the thumbs at the bottom of the graph.
- Top-N talkers also available from Details page: scroll to the bottom of the page, configure “Options”, the click “process”
- Automatically detects the netflow exporter(s).
- Lightweight – Runs on a modest computer. Works great if you’re only handling a single home-router’s flow exports. I haven’t tested it with more exporters/more traffic.
- The Docker container displays graphs “out of the box”.
Cons:
- Home page shows 12 charts, one each for flows/sec, packets/sec, and bits/sec, for each of the four time periods. This makes it hard to know what to “focus on” when you’re just starting up, since none of the charts has very much data.
- Also, showing charts with “Flows/sec” makes it seem as if that’s a critical statistic. But Bit/sec is more important (IMHO).
- Selecting a time period to view is a little clunky. (It’d be fun simply to drag across the graph…)
- Alerts and Stats seem a bit inscrutable.
- I briefly tried to install the “FlowDoh” plugin that purports to display Top-N talkers. It was probably my error, but it just didn’t work after a “good try” to use it.
- As-is, this Docker instance only handles a single exporter (my home router), since the Docker networking doesn’t distinguish external exporter addresses.
This article is a part of the Netflow Collector series.