ElastiFlow
DISCONTINUED
goflow
ElastiFlow | goflow | |
---|---|---|
31 | 6 | |
2,311 | 810 | |
- | 1.6% | |
4.1 | 2.5 | |
over 2 years ago | 15 days ago | |
Shell | Go | |
GNU General Public License v3.0 or later | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ElastiFlow
- NETFLOW .. NTOPNG how to ?
- Threat detection
One thing I ran for a while was Security Onion and utilized port mirroring to mirror the uplink port from my primary switch to my LAN on my router, so I was catching anything coming into/out of my network destined for internet. I've also used ElastiFlow (https://github.com/robcowart/elastiflow), which is absolutely phenomenal and awesome; I did the same and it provides some great data. You could also leverage IntelOwl (https://github.com/intelowlproject/IntelOwl). One thing I have added to all my VMs is an OSSEC agent, Wazuh to be specific, which is free (https://github.com/wazuh/wazuh), and while I am not using it to its full potential, such as monitoring file deletions/modifications etc., it is a powerful tool.
- Linux Network Traffic Monitor
- Netflow bit rate and Interface Bit Rate
https://github.com/robcowart/elastiflow/issues/201 https://github.com/robcowart/elastiflow/issues/52
- Network Traffic visualization
- Installation help, almost there.
Looks like that's deprecated, https://github.com/robcowart/elastiflow/ Any reason not to try the new one? https://docs.elastiflow.com/docs/
Whereas the newer version (https://github.com/robcowart/elastiflow/) is called:
- Looking for a netflow monitoring solution
Whilst ElastiFlow has moved on and become more 'commercial', the original GitHub source remains, and has a lot of very useful information for setting it up. Works very well with sflow/netflow/ipfix. I have pfSense and JunOS exporting to an Ubuntu 18.04 running Elastic 7.14.
- Netflow Monitoring Software Based on FLOSS
Elastiflow
- Sflow (Docker Preferably)
goflow
- Integrating Cisco ASR with Splunk without Splunk Stream.
I would greatly appreciate insights and recommendations from those who have experience in this area. Additionally, I'm interested in hearing your opinions on the best tool for this task: nProbe or goflow? Your rationale behind your recommendation would be invaluable.
- Linux Network Traffic Monitor
- Netflow Monitoring Software Based on FLOSS
Cloudflare goflow / flow-pipeline
- Large scale flow collection
- Monitoring 5,000 nodes
For example, for a lot of IDS work, you want to capture netflows if you can. This is something you could do with goflow. Then you can use whatever SIEM/flow analysis tools to figure out what is touching each network location.
What are some alternatives?
ntopng - Web-based Traffic and Security Network Traffic Monitoring
pfelk - pfSense/OPNsense + Elastic Stack
LibreNMS - Community-based GPL-licensed network monitoring system
Netdata - Monitor your servers, containers, and applications, in high-resolution and in real-time.
loki - Like Prometheus, but for logs.
goflow2 - High performance sFlow/IPFIX/NetFlow Collector
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Zabbix - Real-time monitoring of IT components and services, such as networks, servers, VMs, applications and the cloud.
FastNetMon - FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
docker-nfsen - NFSEN in Docker
Sentry - Developer-first error tracking and performance monitoring