cflowd 2.0 review
Downloadcflowd is a flow analysis tool currently used for analyzing Cisco's NetFlow enabled switching method
|
|
cflowd is a flow analysis tool currently used for analyzing Cisco's NetFlow enabled switching method.
The current release (described below) includes the collections, storage, and basic analysis modules for cflowd and for arts++ libraries. This analysis package permits data collection and analysis by ISPs and network engineers in support of capacity planning, trends analysis, and characterization of workloads in a network service provider environment. Other areas where cflowd may prove useful are: tracking for Web hosting, accounting and billing, network planning and analysis, network monitoring, developing user profiles, data warehousing and mining, as well as security-related investigations.
cflowd is no longer supported by CAIDA. Instead, please consider the use of flow-tools, which will provide a toolset for working with NetFlow data. flow-tools can also be used (like cflowd) in conjunction with FlowScan, maintained by Dave Plonka at the University of Wisconsin, Madison.
Requirements:
cflowd requires the arts++ package. You should download and install arts++ before downloading and building cflowd. cflowd needs header files and libraries from the arts++ package, and the arts++ package contains the C++ library for handling the data stored by cfdcollect (as well as a handful of utilities for aggregating and viewing the data).
What's New in This Release:
cflowd has been completely redesigned and reimplemented for the 2.0 release.
Added support for v1 flow-export.
All tables are now per input interface.
New tabular data: port matrix, interface matrix, nexthop table. The old port table has been replaced by the more granular port matrix.
A new cflowdmux process which permits access to raw flow packets.
A fully functional central collector is now included (cfdcollect). This allows you to archive time-series tabular data from multiple instances of cflowd.
All counters are 64 bits.
New filtering code is significantly faster; flowdump benefits from the increased performance.
Local clients (cfdases, cfdnets, et. al.) will show the time interval for current data.
Local clients can show pkts/sec and bits/sec in addition to packet and byte counters.
Added manpages.
mmap() is gone for the tabular data; local clients connect to a UNIX domain socket to view current data. This removed a lot of code complexity.
cflowd 2.0 keywords