nfdump is a set of tools to collect and process netflow data. It is fast and has a powerful, pcap-like filter syntax. It supports netflow versions v1, v5, v7, v9 and IPFIX, as well as a limited set of sFlow. It includes support for Cisco ASA (NSEL) and Cisco NAT (NEL) devices, which export event logging records as v9 flows.
nfdump is fully IPv6 compatible.
- Processes netflow v1, v5, v7 and v9 FNF
- Powerful pcap-like syntax for netflow
- Fully IPv6 compatible
- Processes IPFIX (beta)
Excellent and very useful
Nfdump is excellent! Thanks.
Great software, using it to collect data from ASA firewalls.
The State of Arkansas Cyber Security Office is replacing Cisco MARS with the NFdump family for production netflow monitoring. We have over 1000 routers and core devices exporting flows at a rate of 45k fps peak. We find the NFdump algorithm exceedingly more efficient than the MARS approach and we are happy to be participating in this project.
nfdump works perfectly.