Get access to the latest news
Receive monthly updates on business process management, software, and Omnitas’ partners.
Sign up to get updates filled with our latest videos, blog articles, and events.
# Flows per second (FPS) spike nfcapd -p 2055 -w -l /data -T all # Real-time: watch -n 1 'nfdump -R /data -r current -s flows | head' (requires NetFlow v9 + BGP table)
SELECT src_host, sum(bytes) as total_bytes FROM netflow.flows WHERE flow_start > now() - 3600 GROUP BY src_host ORDER BY total_bytes DESC LIMIT 10; | Symptom | Likely Cause | Fix | |---------|--------------|-----| | No flows received | ACL blocking UDP 2055 | show access-list | | Flows show 0 bytes | Sampling rate too high | Reduce sampling-rate | | AS numbers are 0 | BGP table not loaded | ip flow-export bgp-nexthop | | Timestamps wrong | NTP drift | ntp peer on exporter | | High CPU on router | Flow cache too large | ip flow-cache entries 65536 |
set forwarding-options sampling input rate 1000 set forwarding-options sampling family inet output cflowd 192.168.1.100 port 2055 version 5 :
plugins: kafka aggregate: src_host, dst_host, src_port, dst_port, proto, tos, src_as, dst_as kafka_topic: netflow_raw kafka_broker_host: kafka1:9092,kafka2:9092 imt_path: /var/spool/pmacct - Top talkers last hour:
:
This guide covers production-grade NetFlow tooling. Start with nfdump for small environments, pmacct + ClickHouse for mid-scale, and GoFlow2 + Kafka for carrier-grade.
Receive monthly updates on business process management, software, and Omnitas’ partners.
Sign up to get updates filled with our latest videos, blog articles, and events.
powered by Advanced iFrame. Get the Pro version on CodeCanyon.