NetFlow Data CollectorThis application collects NetFlow data V1-V9 and stores it into either a text file (CSV or fixed width) or into a database table.
Note: This is a free version of NetFlow collector. There are no any hidden limitation to the functionality of this application.
This application collects NetFlow data V1-V9 and stores it into either a text file (CSV or fixed width) or into a database table. New text file will be created after each 100 K records. New database table will be created after each million records.
Not all netflow versions were tested. V1, V5 and V9 do work. V6 and V7 are not tested but should work as they are similar to V1 and V5 in structure. V8 should work too, but not all aggregation schemes were tested.
Application was tested with the following database engines: MS SQL Server, MS Access (JET and ACE), MySql, Oracle. MySql requires 32 bit ODBC connector installed on the collecting computer.
NOTE: When collecting NetFlow V9, application starts writing output data to a table/file after receiving a valid template definition. Since templates are not sent with each data packet it may take some time for output table/file to get created. For our test Cisco routers it sometimes takes up to 20 sec to receive a template definition.
In order for application to receive UDP datagrams sent by the NetFlow originator the corresponding port must be open from outside in to allow such UDP datagrams through. Application does not send any data out.
Application can be ran as a standard Windows interactive application or as a Windows service. In order for it to run as a Windows service the service must be installed with administrative privileges. Service installation/deinstallation can be performed from within the application as well as by using command line options "/INSTALL" and "/UNINSTALL". Interactive way of running this application does not require administrative rights.
Here are some examples of connection strings:
MS SQL Server
provider=SQLOLEDB;data source=localhost;initial catalog=<databaseName>;Integrated Security=SSPIprovider=SQLOLEDB;data source=localhost;initial catalog=<databaseName>;User Id=<userName>;Password=<password>
MS Access
Provider=Microsoft.Jet.OLEDB.4.0;Data Source="c:\temp\test.mdb"Provider=Microsoft.ACE.OLEDB.12.0;Data Source="c:\temp\test.accdb"
MySQL (ODBC connector)
Driver={MySQL ODBC 5.3 Driver};data source=<32bitOdbcDataSourceName>;Database=<databaseName>;User Id=<userName>;Password=<password>
Oracle
Provider=OraOLEDB.Oracle;Data Source=<SID/ServiceName>;User Id=<userName>;Password=<password>Provider=OraOLEDB.Oracle;Data Source=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=<serverNameOrAddress>)(PORT=<listenerPortUsually1533>)))(CONNECT_DATA=(<databaseName>)));User Id=<userName>;Password=<password>
This application only collects the data. You can use any reporting application to create nice graphs/reports. If collecting into a database tables, you can also use SQL statements to pull/sort/group the data from those tables.
This work is distributed under the Creative Commons Attribution-NoDerivatives 4.0 International license. In short, you are allowed:
- To share - copy and redistribute the material in any medium or format for any purpose, even commercially.
- You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- If you remix, transform, or build upon the material, you may not distribute the modified material.
- You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
Full text of this license is available here