flowd
flowd is a small, fast, secure, and featureful NetFlow collector. It supports NetFlow versions 1, 5, 7, and 9 over IPv4 and IPv6 transports, IPv6 flows (using NetFlow 9), filtering and tagging of received flows using a packet filter-like language, Perl and Python APIs, flexible storage (with run-time selection of which NetFlow fields are stored), reception of multicast flow datagrams, and privilege separation for security. The flowd distribution also includes a set of supplemental tools including analysis and SQL database support.
| Tags | Networking Monitoring |
|---|---|
| Licenses | BSD Revised |
| Operating Systems | POSIX BSD OpenBSD Linux |
| Implementation | C Perl |
Recent releases
- 26 Feb 2006 10:08
Changes: This release includes major improvements to performance and functionality. In particular, the flow format has been modified to store more information and be faster to read, input and output buffering has been improved, new flow filtering options have been added, and the Python API has been rewritten and extended to be many times faster.
- 01 Jun 2005 04:32
Changes: This release greatly improves the filtering capabilities of flowd and the flowd-reader tool, adding filtering on TCP flags, time of day, day of week, and address family (IPv4 or IPv6). It also adds the ability to write flowd logs to the Python API and fixes some minor bugs.
- 16 Jan 2005 22:38
Changes: This release adds support for reception of NetFlow data sent to multicast group addresses. It adds writing, concatenation, and filtering of flow logs to the flowd-reader application. There are several documentation and bug fixes.
- 03 Nov 2004 03:21
Changes: This release fixes a number of minor bugs and improves the C, Perl, and Python APIs. The Perl and Python APIs have been rewritten to use native code, greatly improving their performance.
- 24 Sep 2004 01:15
Changes: This release adds support for NetFlow protocol versions 7 and 9, including support for IPv6 flows. It also adds a distribution of tools using the Perl and Python APIs, including scripts to insert flows into an SQL database and an analysis tool to look for worm traffic.
