Pflowd with netflow monitor **VS** NTOP



  • I have used ntop in the past and am now using pfflowd with ManageEngines Netflow Analyzer which gives you 1 free collector.  Are there reasons one is better than the other?  Why someone would prefer one over the other?

    Things I have seen so far: (please add or correct)

    ManageEngines:

    Excellent report capabilities to PDF.
    Search based on specific criteria. ie..Source, destination or port.
    Create custom groups based on IP/Network and or Ports.
    Password Protect web interface.
    Automatic refresh of traffic bar every 1 minute.
    Requires PC or Server.
    Monitor 2 interfaces (Free)

    ntop:

    No PC needed.
    Password Protect web interface.



  • I've never used pflowd before, but it seems that ntop uses allot of memory and can be pretty " buggy" on the pfsense stable version.

    I would like to try pflowd, but if I understand correctly, I would need another package from manageengine on another pc to output/view the data?

    I'm sure it's easy to install, but do I need to make any advanced configuration options on the pfsense? Or do I just install pflowd?

    Sorry for highjacking your topic..



  • No problem.  Manageengine's product is the best I have seen so far (For a free product).  Just download and install on PC.  Install pfflowd package and specify the IP of the PC in the pfflowd option in pfsense.  Log into the web interface on the PC.  I found one issue that was odd.  I had to create ip group with my subnet in order to see traffic inbound and outbound.  The default interface did not seem to show all traffic.  Only inbound.  But it might be something to do with my setup.

    I have been setting up this product up at client locations with pfsense and it has been a tremendous help in analyzing network flow.

    PM me if you have difficulties or create a new post.



  • You can password protect ntop.

    Admin -> Configure -> Protect URL's

    Instructions in the man page or online.



  • thx…corrected



  • @kapara:

    No problem.  Manageengine's product is the best I have seen so far (For a free product).  Just download and install on PC.  Install pfflowd package and specify the IP of the PC in the pfflowd option in pfsense.  Log into the web interface on the PC.  I found one issue that was odd.  I had to create ip group with my subnet in order to see traffic inbound and outbound.  The default interface did not seem to show all traffic.  Only inbound.  But it might be something to do with my setup.

    I have been setting up this product up at client locations with pfsense and it has been a tremendous help in analyzing network flow.

    PM me if you have difficulties or create a new post.

    I have been having issues with bandwidthd, so I tried pflowd, and it works great.  Nice graphs, lots of great information, and since I have another server running 24/7 it fits my use.    My issue with this is that I am also having problems getting both inbound and outbound to log.   I am in the process of experimenting with the protocol version to see if it helps. pf 1.2.1.  Update: version does not help.  Reading from other posts, sounds like something with the states table??  Anyways, looks broken at current state..
    Anyone else have this issue?

    tks



  • If using manageengines product create an IP group with your subnet.  Then it will show you inbound and outbound.  It is odd.  It is as if pfflowd combines the data into one interface.  When I use Manage Engine with Cisco router it creates 2 separate interfaces.  One for inbound and one for outbound.  You have to create an IP group with your subnet. A, B or C.



  • Hi

    Good sergestion to add a device for the unix server exporting netflows, works great and now i can see in and out traffic.  Im currently using softflowd to do the netflow export.

    However here is a problem :( i want to create a bridge with the freebsd server and monitor the netflows on the bridge… once again going to only have the inbound traffic :( and no outbound traffic



  • I have had lots of problems with using pflowd on a pfsense in bridge mode.  It seems to combine the traffic on the LAN and WAN so the traffic showing in the flow analyzer is double!.  I have a 6 mbit connection and it is showing me using 12 mbit.  Seems to be a bug that no one seems to be interested in fixing.



  • I agree… Manage Engine's Netflow Analyzer Pro is the best... The free trial of one interface convinced the "powers that be" we needed this package as expensive as it is! The PDF reports are great, is a must for anyone who "multi-homes" it has nbar support, monitors your AS #... It is a solid product, we ran it on a 800Mhz Celeron Windows box for a week while we tested it, not the best performance, but it worked good enough til purchase! Its netflow aspect blows intermappers netflow collector out of the water!

    There are several cheap / free netflow collectors, just google it, but Manage Engine makes great stuff... We are even able to use a linksys running dd-wrt and export flows to my collector... I want to be able to use an embedded box, ALIX, and run pfflowd on it, creating a cheap and more robust netflow exported router!

    Any else managed to pull off pfflowd on an embedded image install!?!? I have soo many ALIX boards deployed with pfsense already... it would be soo great to export to my netflow analyzer!


Locked