How to analyze Netflow?
Hello dear!
I distribute the Internet to several people using NAT on a regular Mikrotik. And in light of the political arbitrariness in the country, I am afraid that they may come to me with accusations over, for example, a bad comment on Vkontakte, although I did not leave it, but my "client" did.
Therefore, question number one: how to track exactly who from the internal local network left a comment on such and such a day, at such and such a second many years ago.
The first thing that comes to my mind is to store Netflow records. That is, by pulling up the flows for that time, I will see which local IP accessed the external IPs of VK at that time. Correct me if I'm wrong.
Hooked on this idea, I successfully configured Netflow IPFIX on Mikrotik, installed nfdump on a server with Ubuntu, and now I have a lot of files with binary data. But I can't find a tool for their simple analysis at all. And that's question number two.
If I am right in the first part of my question, then please tell me some analyzer or Netflow collector / analyzer with a web interface for Linux for a simple and understandable search for user requests. Well, or any other way of visual representation of data not through the CLI.
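The lookup described in question one, as an added example that is not part of the original thread: it filters flow records exported to CSV for flows from the LAN to a service's address range that overlap a given moment. The column names (`ts`, `te`, `sa`, `da`, `dp`, `ibyt`) are assumed to match the header of nfdump's CSV output, the addresses and timestamps are constructed, and the router is assumed to export flows with the pre-NAT (internal) source address.

```python
import csv, io, ipaddress
from datetime import datetime, timedelta

# Constructed sample, reduced to the columns used below. Column names are an
# assumption about the nfdump CSV header: ts/te = flow start/end,
# sa/da = source/destination address, sp/dp = ports, ibyt = bytes.
SAMPLE_CSV = """ts,te,sa,da,sp,dp,pr,ibyt
2016-07-01 12:00:01,2016-07-01 12:00:09,192.168.88.10,203.0.113.20,51000,443,TCP,48211
2016-07-01 12:00:03,2016-07-01 12:00:04,192.168.88.11,198.51.100.7,51001,443,TCP,1200
2016-07-01 12:00:05,2016-07-01 12:00:40,192.168.88.12,203.0.113.21,51002,443,TCP,90455
2016-07-01 11:40:00,2016-07-01 11:41:00,192.168.88.13,203.0.113.20,51003,443,TCP,3100
2016-07-01 12:00:06,2016-07-01 12:00:07,203.0.113.20,192.168.88.10,443,51000,TCP,700
"""

FMT = "%Y-%m-%d %H:%M:%S"

def candidates(csv_text, lan, service_nets, event_time, slack_s=30):
    """Return {internal_ip: [(start, end, dst, dport, bytes), ...]} for flows
    from `lan` to any of `service_nets` that overlap event_time +/- slack_s."""
    lan = ipaddress.ip_network(lan)
    nets = [ipaddress.ip_network(n) for n in service_nets]
    lo = event_time - timedelta(seconds=slack_s)
    hi = event_time + timedelta(seconds=slack_s)
    hits = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            src = ipaddress.ip_address(row["sa"])
            dst = ipaddress.ip_address(row["da"])
            start = datetime.strptime(row["ts"], FMT)
            end = datetime.strptime(row["te"], FMT)
        except (KeyError, ValueError):
            continue  # skip summary lines or malformed records
        if src not in lan or not any(dst in n for n in nets):
            continue  # keep only the LAN -> service direction
        if start <= hi and end >= lo:  # flow interval overlaps the window
            hits.setdefault(str(src), []).append(
                (row["ts"], row["te"], str(dst), int(row["dp"]), int(row["ibyt"])))
    return hits

if __name__ == "__main__":
    event = datetime(2016, 7, 1, 12, 0, 10)  # constructed moment of interest
    found = candidates(SAMPLE_CSV, "192.168.88.0/24", ["203.0.113.0/24"], event)
    for ip, flows in found.items():
        print(ip, flows)
```

On the sample, two internal hosts have flows to the service range inside the window, so flow records narrow the set of candidates rather than identifying a single user, and the result is only as good as the clock synchronisation between the router and the timestamp being matched.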
You can simply install billing, micro-billing (not advertising, therefore no links). Up to 10 free.
There is both a netflow collector and an interface for analysis. There is a nuance, though: are you going to perform the spring season? It is now necessary to store not only statistics but the data themselves.