I hate to say it, but if nobody adds v9/IPv6 to flow-tools really soon, I will have to switch too. We're deploying IPv6 in production, and not having flow data is unacceptable.
I'm looking for: pure open source (BSD/GPL/MIT-style licenses) active user community command-line flow printing & filtering The two obvious replacements seem to be nfsen and SiLK. Anyone have any opinons one way or another? ==ml On Wed, Apr 11, 2012 at 05:18:08PM -0400, Joe Loiacono wrote: > Dave, > > Ironically I am finishing up testing for FlowViewer v 4.0. It now supports > both flow-tools (for legacy) and SiLK v 3.0 (which supports Cisco's v9 and > IPFIX.) Version 4.0 also has a new user interface (but preserves all > existing Trackings, etc.) > > NASA (as govt.) was eligible for a beta of SiLK v 3.0 and we've developed > FlowViewer 4.0 around it. You will be able to use either flow-tools or > SiLK, or both at the same time. My testing has set up new Trackings using > SiLK, but I can't think of why you wouldn't be able to modify existing > flow-tools ones to use SiLk without missing a beat. I'll test it out :-) > > I'm not sure what the NetSA group at Carnegie-Mellon's plans for general > release for v3.0 are, but FlowViewer is now ready. I'm waiting for them. > > You might inquire as to their plans and see if you can get an early copy. > If so, I can provide a copy of FlowViewer 4.0. > > wrt flow-tools, I communicated with Mark Fullmer maybe two years ago. He > sounded quite interested in doing a v9 upgrade, but must have had higher > priorities. Still an awesome tool for v5 though.... > > Joe > > > From: David Faught <[email protected]> > To: flow-tools <[email protected]> > Date: 04/11/2012 03:45 PM > Subject: [Flow-tools] Where did the community go? > Sent by: [email protected] > > > > >From the lack of activity and a few of the last entries, I am slowly > figuring out that flow-tools community support has pretty much > dissolved. So what are people doing instead of flow-tools? Has > everyone gone and bought Lancope Stealthwatch or stayed with open > source and gone to SiLK (http://tools.netsa.cert.org/index.html)?? > > I have quite a lot of time and effort wrapped up in using flow-tools > and both Dave Plonka's FlowScan and Joe Loiacono's FlowViewer. If I > need to eventually convert away from flow-tools to SiLK, I would > ideally want a simple way to convert both historical data in > flow-tools format and both of these higher level tools' feeds. > > Or maybe someone will pick up the pieces and continue with flow-tools > development? > > Thoughts??? > > Cheers, > Dave > _______________________________________________ > Flow-tools mailing list > [email protected] > http://mailman.splintered.net/mailman/listinfo/flow-tools > > _______________________________________________ > Flow-tools mailing list > [email protected] > http://mailman.splintered.net/mailman/listinfo/flow-tools -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery [email protected], Twitter @mwlauthor _______________________________________________ Flow-tools mailing list [email protected] http://mailman.splintered.net/mailman/listinfo/flow-tools
