I know there was a few old posts about adding support. Just kinda curious if any progress was made in that regard. And to add my use case for this feature.
It would be very handy in my case to monitor the company edge routers for DDOS attacks.
In this use case basically you need to know the "top talkers" and keep an avg of the packets per sec per ip.
Also maybe the top 3 protocols mail, http, ssh etc..
Currently my solution is not the best, I have another bit of software that sends syslog messages to netxms. For further event processing.
We are currently also using additional software for flow data.
Our use case is less about alerting on DDoS or similar, but retroactively searching through the available data to identify specific data flows at a given time.
Either way, it would certainly be a nice to have.
are there some news? Maybe in V2.1?
Netflow data analysis would be great, but I do understand that even basic implementation can be quite demanding task.
Is this the part that is already implemented http://git.netxms.org/public/netxms.git/history/HEAD:/src/flow_analyzer?js=1 ?
Which protocols are other users mostly interested in?
- sFlow
- NetFlow v5
- NetFlow v9
- IPFIX
- some other?
Best Regards,
Lukas