Hi There!

I was surprised that this topic is not actively discussed here. Just a few threads, latest being 2 years old. Too much innovation has happenned since then.

I'd like to have a functional netflow analyzer for my self-hosted setup which contains a few switches and servers. But it seems like there aren't any modern solutions tailored for SOHO.

Literally, being able to see not only live traffic. But also:

• collect historic data
• perform on-demand analysis, like what App is being used by what IPs
• being able to user-configure and tag custom Apps.

I have tried ntop-ng netflow2ng in Docker. ntopng is a nice and very efficient thing. But most of the usefull stuff that I want require paid license.

The other modern alternative is Elastiflow. But I don't want to setup a full-blown ELK for it. It's just an overkill and requires too much RAM. Elastiflow is said to be able to integrate with other modern data engines like Redpanda. But I haven't seen any use cases specifically for NetFlow.

Yet another natural choice is a TICK stack Grafana. Indeed, InfluxDB has full support for Netflow collection. Moreover, ntop-ng has influxdb at the backend. However, Grafana doesn't seem like a usefull frontend for my needs. It's just a display with no easy mechanism to do traffic drill down and analysis. Furthermore, a search of "netflow" among Grafana dashboards yields just 5-6 results with less than 1k downloads each. Doesn't look like Grafana is popular choice for Netflow.

I also liked Akvorado. But it's not a complete solution too. At best it's a live stats engine. And for historic collection and analysis they suggest Kafka ClickHouse. Didn't try the latter. But I was told it's also rather comlicated to setup. (just read on Redpanda about complexities of Kafka)

​

There's a good thread on the neighbour sub-reddit. But apart from Elastiflow ELK, all recommendations are for paid tools. Apparently, my expectation from this subreddit is for low-cost low-fee solutions.

​

So, what would you suggest and what you personally use?