NetFlow reporting with Google Analytics

Traffic Analysis

Own NetFlow Analyzer as an Alternative

Professional NetFlow analyzers impress with sophisticated reports, support for capacity planning, and a whole load of statistics with colorful diagrams. However, the vendors all want a share of what may already be a stretched IT budget. A good open source tool is usually fine for the occasional glance at the acquired NetFlow data. The installation, configuration, and maintenance overhead, however, is just the same as for full-scale use.

Several excellent open source products are available for NetFlow evaluations: NTop, EHNT, or FlowViewer. A server with sufficient memory and disk I/O is required to run these tools. The installation requires Linux knowledge and may not be suitable for a homogeneous Windows environment. The problem with storing NetFlow information locally is the large amount of data. We have handed this challenge off to Google Analytics, unfortunately at the expense of a fast response.

Conclusions

The words "Google Analytics" set alarm bells ringing for many critical users. As with all external services, it is essential to check whether the data transfer is compatible with your internal company policies and data protection law before using GA. Google Analytics offers anonymization routines for IP addresses, and these are also included in the flow-ga.pl script. Thus, the only information that leaves the enterprise is information you want to send, and it is anonymized.
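To make the anonymization step concrete, the following added example (not part of flow-ga.pl or the original article) masks both endpoints of a flow record before export and drops any record it cannot mask. It assumes the masking Google documents for its IP anonymization feature (last IPv4 octet and last 80 IPv6 bits zeroed); the record fields and function names are hypothetical.

```python
import ipaddress

# Bits kept per IP version: last octet (IPv4) / last 80 bits (IPv6) are zeroed.
# Assumption: this mirrors Google's documented IP anonymization; the masking
# used by flow-ga.pl is not shown on this page and may differ.
KEEP_BITS = {4: 24, 6: 48}

def anonymize_ip(addr):
    """Return addr with its host part zeroed; raise ValueError if unparsable."""
    ip = ipaddress.ip_address(addr.strip())
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as IPv4 so it gets the /24 mask.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    net = ipaddress.ip_network(f"{ip}/{KEEP_BITS[ip.version]}", strict=False)
    return str(net.network_address)

def prepare_export(flows):
    """Anonymize both endpoints of each flow; fail closed on bad records."""
    exported, dropped = [], 0
    for flow in flows:
        try:
            clean = dict(flow, src=anonymize_ip(flow["src"]),
                         dst=anonymize_ip(flow["dst"]))
        except (KeyError, ValueError, AttributeError):
            dropped += 1  # never forward a record that could not be masked
            continue
        exported.append(clean)
    return exported, dropped

# Constructed sample flows (documentation address ranges), not real traffic.
SAMPLE_FLOWS = [
    {"src": "192.0.2.57", "dst": "198.51.100.23", "dport": 443, "bytes": 18234},
    {"src": "2001:db8:12:3456::9", "dst": "::ffff:203.0.113.77",
     "dport": 53, "bytes": 212},
    {"src": "10.0.0.300", "dst": "192.0.2.1", "dport": 22, "bytes": 4096},  # malformed
]

if __name__ == "__main__":
    out, dropped = prepare_export(SAMPLE_FLOWS)
    for rec in out:
        print(rec)
    print("dropped:", dropped)
```

Dropping unparsable records rather than forwarding them keeps a malformed or unexpected address field from leaving the network unmasked.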

The use of Google Analytics as a NetFlow analyzer makes it possible to evaluate and monitor your own network without deploying a full-blown server. After several days, enough information will be available to produce meaningful reports about the use and misuse of the IT infrastructure. The advantages and the charm of a NetFlow analyzer from the cloud still outweigh the drawbacks, even though you will not have 100 percent accurate values for the bandwidth or packets used.
