nfdump VS pmacct

Compare nfdump vs pmacct and see how they differ.

pmacct

pmacct is a small set of multi-purpose passive network monitoring tools [NetFlow IPFIX sFlow libpcap BGP BMP RPKI IGP Streaming Telemetry]. (by pmacct)
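| | nfdump | pmacct |
|---|---|---|
| Mentions | 4 | 8 |
| Stars | 735 | 1,017 |
| Growth | - | 2.5% |
| Activity | 9.6 | 9.2 |
| Last commit | 8 days ago | 3 days ago |
| Language | C | C |
| License | GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
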
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

nfdump

Posts with mentions or reviews of nfdump. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-03-24.
  • Netflow collector software for lab purpose
    3 projects | /r/networking | 24 Mar 2023
    https://github.com/phaag/nfdump it's a "simple" collector. It is just a CLI tool. If you can utilize the CLI, it's a monster to analyze the raw data. If you need a fancy GUI then this is the wrong collector.
  • real-time analytics / traffic capture on MX204
    3 projects | /r/Juniper | 1 Nov 2022
    Try the open source nfdump (this should also be a package in Debian/Ubuntu at least). You would configure 'nfcapd' to receive netflow data, then process it with 'nfdump' which is a commandline tool for obtaining statistics on traffic (e.g. top N IPs for bytes/flows, etc).
  • Cisco Netflow Help
    1 project | /r/networking | 7 Mar 2022
  • netflow analyzer free tools
    1 project | /r/sysadmin | 9 Apr 2021
    For the quick look nfdump https://github.com/phaag/nfdump is in use. Since it is a CLI tool, it is not really suitable for managers.

pmacct

Posts with mentions or reviews of pmacct. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-05-16.
  • NetFlow-equivalent analysis for mirrored traffic
    1 project | /r/networking | 12 Jul 2023
    If you want a tool that can ingest from a span port and generate netflow or IPFIX there is pmacct. This should work with your existing tooling that collects netflow data.
  • Looking for network traffic analysis solution
    2 projects | /r/networking | 16 May 2023
  • Free netflow collector that forwards messages to a syslog server?
    3 projects | /r/networking | 10 Apr 2023
    Your best bet is probably pmacct. I don't think this functionality is built-in per se, but it would be fairly easy to use syslog-ng or similar to read its output from file or stdout. It can also aggregate for you, if that's useful.
  • How to locate device illegally downloading on network
    1 project | /r/networking | 6 May 2022
  • IPv4 vs IPv6 traffic stats
    1 project | /r/mikrotik | 4 Jan 2022
  • Benchmarking: TimescaleDB vs. ClickHouse
    7 projects | news.ycombinator.com | 3 Nov 2021
    While I'm not a current customer of Timescale, I do use the open source version of Timescale extensively, so I feel like I can summarize some of the benefits of Timescale over other TSDBs. The company is mid-size, with awkward data, 4+ PB of unstructured data, with our Postgres cluster hosting about 20 TB of data.

    The main advantage, from my perspective, is that you can query across business data and time series data with all the advantages that Postgres has. Time series data, while useful on its own, becomes incredibly powerful when it can be combined with your business and production data.

    A great example is our outbound network data monitoring. We use pmacct http://www.pmacct.net/ to send network flows to Postgres from our firewall, host inventory data in Postgres, and a foreign data wrapper around our LDAP data to determine user / host assignment, and from that we can correlate every data flow to the user who is assigned to the host that generated that particular flow. This makes for some pretty powerful security reporting. Outside of that, we use Timescale's hypertables in a number of places that aren't explicitly timeseries data, like syslog data, web server logs, etc. This allows for some pretty amazing reporting on log data that is timeboxed, like "give me all the 500 errors from our HTTP log that have an IP address in Finland (did I mention that we load GeoIP data into Postgres every night) in the last 3.5 hours."

    Timescale is excellent on its own, and honestly competitive with other TSDBs on its own. Having access to the full Postgres ecosystem with your timeseries data makes Timescale way ahead of everyone else. My story might change when I hit the limits of what a single Postgres host can ingest, but I'm not even close to that scale yet.

    Another advantage of Timescale is having access to real SQL: you don't have to learn a new domain-specific query language, you can just use SQL. This admittedly can be a double-edged sword. SQL is more complicated than PromQL / InfluxQL; however, that comes with quite a lot of extra capability, and the ability to transfer that knowledge into other domains.

    I personally really like Timescale, and feel that regardless of anyone's benchmarks, no matter how well thought out or not, the advantages outweigh the disadvantages by a pretty large margin.

  • Port Mirror and GoFlow Collector
    1 project | /r/networking | 5 Sep 2021
    GoFlow doesn't capture raw packets, it accepts IPFIX/Netflow/sFlow. You will either need to configure your equipment to generate that flow data and send it to the goflow collector, or use an application like pmacct to capture packets and generate IPFIX/Netflow data from it.
  • FRRouting and IPFix/Netflow
    2 projects | /r/networking | 30 Jul 2021
    https://github.com/pmacct/pmacct is the best exporter I've found. I can pull some old configs for pmacct if you're interested. You can either BGP peer pmacct to FRR to enrich IPFIX with ASNs or you can even instruct pmacct to read prefix to AS mappings from a file.

What are some alternatives?

When comparing nfdump and pmacct you can also consider the following projects:

ntopng - Web-based Traffic and Security Network Traffic Monitoring

FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support

softflowd - softflowd: A flow-based network traffic analyser capable of Cisco NetFlow data export software.

nDPI - Open Source Deep Packet Inspection Software Toolkit

silk - Silk File Reader

VictoriaMetrics - VictoriaMetrics: fast, cost-effective monitoring solution and time series database

goflow - The high-scalability sFlow/NetFlow/IPFIX collector used internally at Cloudflare.

promscale - [DEPRECATED] Promscale is a unified metric and trace observability backend for Prometheus, Jaeger and OpenTelemetry built on PostgreSQL and TimescaleDB.

akvorado - Flow collector, enricher and visualizer

ipt-netflow - Netflow iptables module for Linux kernel (official)

flow-pipeline - A set of tools and examples to run a flow-pipeline (sFlow, NetFlow)

clickhouse_fdw - ClickHouse FDW for PostgreSQL