NetFlow is suite of protocols for computing and relaying flow-level statistics. An exporter, such as a router or switch, aggregates packets into flow records and sends them to a collector.
This feature is available as a plugin for VAST. Please contact us if you are interested in trying it out.
VAST has native support for NetFlow v5, v9, and IPFIX. We have a in-depth blog post about how we implement Flexible NetFlow.
VAST can either act as collector or parse binary NetFlow data on standard
input. For the complete set of options, please consult the documentation for
vast import netflow command.
VAST can be configured to continuously import NetFlow messages from a given endpoint, which makes it a NetFlow collector. The NetFlow version is automatically identified at runtime, and mixing multiple versions (e.g., from multiple export devices) is possible.
To spin up a collector, use the
vast import netflow command:
A commonly used NetFlow collector is
nfcapd, which writes NetFlow
messages into framed files. To replay from
nfcapd you can use
Because VAST behaves like any other UNIX tool, it can also import NetFlow messages from files or standard input directly: