From: Tor Houghton (torhbogus.net)
Date: Thu May 02 2013 - 04:40:23 CDT
If you don't have too many flows (seeing as you are using it for the home
network), you could install Splunk* with the "Netflow for Splunk"
application (which uses nfcapd/nfdump) instead of using nfsen. This allows
you to correlate flows with other types of interesting log information as
well as allow you to visualise it (e.g. using Google maps, various graphs
and so on).
* The "free" version can index 500MB a day; I have not yet reached that limit
for my home network. Cannot run on OpenBSD.
On Wed, May 01, 2013 at 10:22:50PM +0200, Peter N. M. Hansteen wrote:
> Jan Stary <hansstare.cz> writes:
> > I just started using pflow(4) on the router/firewall
> > of my small home network. What do people recommend for
> > collection and analysis tools? So far, I am aware of
> > packages for flow-tools, flowd, and softflowd.
> My absolute favorite is nfdump feeding nfsen. pkg_add nfsen and reading
> the package message should get you all the way there inside a few
> - P
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd: 18.104.22.168: disconnected after 42673 seconds.