Dear Eliane, > I need to know if flow-tools supports the V9 netflow and if not, > what is the best replacement
there was an e-mail thread about this question last month (it was about support for IPv6 flows, but that implies Netflow v9 support): http://mailman.splintered.net/pipermail/flow-tools/2010-October/thread.html#3888 My reading of the thread is this: * flow-tools doesn't support Netflow v9 (or IPv6) right now. * There is not much hope that this will be added to flow-tools in the near future. * There are a few possible replacements for flow-tools which do support Netflow v9 (and IPv6), but all of those require changes of any analysis scripts/jobs that you have - i.e., none of them provides command-line tools that would be compatible with flow-tools. I'd recommend looking at the NFDUMP/NfSen combo, except that I have never personally used the command-line tools, and I'm biased because it was written by someone at my company (Peter Haag). But it seems to be actively maintained, many people use it and seem happy with in. And it definitely supports Netflow (and IPv6 flows) very well. If someone would contribute flow-tools-compatible command-line tools that worked seamlessly with NFDUMP/NfSen, then we would live in a perfect world and we could probably close this mailing list... But as I said, I'm biased so maybe other options are worth looking at - e.g. SiLK, or some of the commercial tools. I try to keep a comprehensive list of software here: http://www.switch.ch/network/projects/completed/TF-NGN/floma/software.html -- Simon. _______________________________________________ Flow-tools mailing list [email protected] http://mailman.splintered.net/mailman/listinfo/flow-tools
