Linux – Generating and capturing Netflow on a Linux router

Tags: cisco, linux, netflow, router

We currently have a dual-NIC Ubuntu server at our data centre acting as the gateway router between our public networks and our ISP. We have a /30 cross connect network on the ISP-facing NIC, and one IP from each of the three networks attached to our interior-facing NIC.

I would like to configure network traffic statistic generation and collection on this server, using Cisco's Netflow protocols. This will allow me to confirm our ISP's billing, as well as break-down data flow within our network.

What tools or packages would you recommend to passively capture traffic statistics and record them for later processing? Extra points if the Netflow collector has a MySQL data-store connector.

Best Answer

For generating, a tool like nprobe or fprobe will work fine, as others have mentioned.

For collecting I like nfdump/nfsen. It doesn't use mysql, but it is really easy to work with and get data out of it in a machine readable form.

You probably don't want the full netflow data in mysql, instead it usually makes more sense to run an aggregation query and load the summary into mysql. Having 10,000,000 records in mysql is not going to be fun to work with, but inserting a daily or hourly summary of (ip,total flows,total bytes,total packets) works a lot better.
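One way to build the hourly (ip, total flows, total bytes, total packets) summary the answer recommends before loading it into MySQL, as an added Python example that is not part of the original answer. The CSV column layout, the interior address prefix and the `flow_hourly` table are assumptions for the example, not nfdump's real export format.

```python
"""Aggregate raw flow records into an hourly per-IP summary for MySQL."""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export (assumed columns, not nfdump's real format):
# one flow per line, with start time, source/destination IP, bytes, packets.
RAW_FLOWS = """ts,src,dst,bytes,packets
2010-05-01 10:02:11,203.0.113.5,198.51.100.7,1500,10
2010-05-01 10:17:40,203.0.113.5,198.51.100.9,64000,50
2010-05-01 10:45:03,198.51.100.7,203.0.113.8,800,6
2010-05-01 11:01:55,203.0.113.5,198.51.100.7,120000,90
2010-05-01 11:30:12,203.0.113.8,198.51.100.9,4096,12
2010-05-01 11:59:59,203.0.113.8,198.51.100.9,2048,4
"""


def hourly_summary(raw_csv, interior_prefix="203.0.113."):
    """Return {(hour, ip): (flows, bytes, packets)} for interior hosts.

    A flow is charged to whichever end lies inside the interior prefix
    (assumed here), so inbound and outbound traffic land on the same host.
    """
    totals = defaultdict(lambda: [0, 0, 0])
    for row in csv.DictReader(io.StringIO(raw_csv)):
        start = datetime.strptime(row["ts"], "%Y-%m-%d %H:%M:%S")
        hour = start.strftime("%Y-%m-%d %H:00")
        for ip in (row["src"], row["dst"]):
            if ip.startswith(interior_prefix):
                t = totals[(hour, ip)]
                t[0] += 1                    # flows
                t[1] += int(row["bytes"])    # bytes
                t[2] += int(row["packets"])  # packets
    return {k: tuple(v) for k, v in totals.items()}


def to_insert_rows(summary):
    """Parameter tuples (hour, ip, flows, bytes, packets), sorted by hour/ip."""
    return [(h, ip, f, b, p) for (h, ip), (f, b, p) in sorted(summary.items())]


# Assumed target table; executed with cursor.executemany(INSERT_SQL, rows).
INSERT_SQL = ("INSERT INTO flow_hourly (hour, ip, flows, bytes, packets) "
              "VALUES (%s, %s, %s, %s, %s)")

if __name__ == "__main__":
    for row in to_insert_rows(hourly_summary(RAW_FLOWS)):
        print(row)
```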