« Previous 1 2 3

NetFlow reporting with Google Analytics

Traffic Analysis

Own NetFlow Analyzer as an Alternative

Professional NetFlow analyzers impress with sophisticated reports, support for capacity planning and a whole load of statistics with colorful diagrams. However, the vendors all want a share of what may already be a stretched IT budget. A good open source tool is usually fine for the occasional glance at the acquired NetFlow data. The installation, configuration and maintenance overheads are, however, just the same as for the full use.

Several excellent open source products are available for NetFlow evaluations: NTop, EHNT, or FlowViewer. A server with sufficient memory and disc I/O is required for using these tools. The installation requires Linux knowledge and may not be suitable for a homogeneous Windows environment. The problem with storing NetFlow information locally is the large amount of data. We have handed this challenge off to Google Analytics; unfortunately, at the expense of a fast response.

Conclusions

The words "Google Analytics" set alarm bells ringing for many critical users. As with all external services, it is essential to check whether the data transfer is compatible with your internal company policies and data protection law before using GA. Google Analytics offers anonymization routines, which are also included in the flow-ga.pl script, for IP addresses. Thus, the only information that leaves the enterprise is desired and anonymized.

The use of Google Analytics as a NetFlow analyzer makes it possible to evaluate and monitor your own network without deploying a full-blown server. After several days, enough information will be available to identify meaningful reports about the use and misuse of the IT infrastructure. The advantages and the charm of a NetFlow Analyzer from the cloud still outweigh the drawbacks, even though you will not have 100 percent accurate values for the bandwidth or packets used.

Infos

  1. Cisco IOS NetFlow: http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/index.html/
  2. Cisco Systems NetFlow services export: https://www.ietf.org/rfc/rfc3954.txt
  3. Google Analytics Academy: https://analyticsacademy.withgoogle.com/course02/assets/html/GoogleAnalyticsAcademy-PlatformPrinciples-Lesson1.2-TextLesson.html
  4. NetFlow Export Datagram Formats: http://www.cisco.com/c/en/us/td/docs/net_mgmt/netflow_collection_engine/5-0-3/user/guide/format.html/
  5. Nfdump: http://nfdump.sourceforge.net/
  6. Google Analytics: http://www.google.com/analytics/
  7. Google Analytics Measurement Protocol: https://developers.google.com/analytics/devguides/collection/protocol/v1/?hl=de/
  8. Scripts (commented in German): ftp://ftp.linux-magazine.com/pub/listings/admin-magazine.com/27

« Previous 1 2 3

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Lead Image © Sergii_Figurnyi, 123RF.com
    Improved visibility on the network
    OpenNMS collects and visualizes flows so you can discover which network devices communicate with each other and the volume of data transferred.
    more »
  • Lead Image © Amy Walters, 123RF.com
    DDoS protection in the cloud
    OpenFlow and other software-defined networking controllers can discover and combat DDoS attacks, even from within your own network.
    more »
  • Virtual switching with Open vSwitch
    Virtualization with Vmware, KVM, and Xen is here to stay. But up to now, no virtual switch has supported complex scenarios. Open vSwitch supports flows, VLANS, trunking, and port aggregation just like major league switches.
    more »
  • Building a defense against DDoS attacks
    Targeted attacks such as distributed denial of service, with thousands of computers attacking your servers until one of them caves in, cannot be prevented, but they can be effectively mitigated.
    more »
  • Photo by Geran de Klerk on Unsplash
    Detecting security threats with Apache Spot
    Security vulnerabilities often remain unknown when the data they reveal is buried in the depths of logfiles. Apache Spot uses big data and machine learning technologies to sniff out known and unknown IT security threats.
    more »
comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”> </a> <hr> </div> </div> <div class=