[Part of the series of blog postings on Netflow]
Webview Netflow Reporter is a lightweight Netflow collector and web display tool based on wvnetflow and flow-tools in a Docker container. Webview Netflow Reporter was created by Craig Weinhold craig.weinhold@cdw.com. The original wvnetflow site is hosted at SourceForge.net.
The Dockerfile is available from Github.
Pros
- Pretty graphs – Displays stack charts of the kinds of traffic (web, email, network, telnet, ssh, dns, mysql, sip, p2p, file server, etc) flowing through the router at any time. See the graphic above.
- Click on an interesting point of the graph, and see exactly what traffic was being sent during that period.
- Automatically detects exporters – no configuration required.
- Lightweight – Runs on a modest computer. Works great if you’re only handling a single home-router’s flow exports. I haven’t tested it with more exporters/more traffic.
- The Docker container comes pre-configured to display charts “out of the box”.
Cons
- No automatic way to see “top talkers” – who’s hogging the bandwidth. You have to click the graph, then scroll through a table of hosts that were transmitting at the time.
- One-minute granularity – The lowest granularity is one minute, despite the fact that the flow data has millisecond accuracy.
- Five-minute time chunks – Data only gets updated every five minutes. This probably could be configured to change the processing rate.
- Text-based configuration – Configuration files are arcane.
- As-is, this only handles one exporter. See Known Issues/Questions
- There’s an outstanding issue where there are gaps in the displayed charts. Hopefully this will be resolved.
This article is a part of the Netflow Collector series.