Netflow Collectors, or "Who's hogging the bandwidth?"


Now that LEDE has an official release, I hungered for a way to see what kinds of traffic are going through my network. I wanted to answer the question, “who’s hogging the bandwidth?” To do that, I needed a Netflow Collector.

A Netflow Collector is a program that collects flow records from routers to show the kinds and volumes of traffic that passed through the router. The collector places those flow records into its internal database, and lets you search/display the data. (You also need to configure your router to send (“export”) flow records to the collector. My experiments all employ the softflowd Netflow Exporter. It is a standard package you can install into your LEDE router.)

I am working to create netflow collectors in a (Docker) container so they're easy to install. They work fine running on a Mac mini that's always on, collecting and displaying the flow data.

You can read more at my blog posting, Netflow Collectors for Home Networks.
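The collector's core job described in the post above (take exported flow records, store them, and answer "who's hogging the bandwidth?") can be sketched as follows. This is an added example, not code from the original post or from softflowd; it assumes the exporter is set to NetFlow version 5, and the function names and sample addresses are constructed for illustration.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record


def parse_v5(datagram):
    """Return the flow records in one NetFlow v5 export datagram as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field is {version})")
    # The count field arrives over UDP from the network: check it against
    # the real datagram length before trusting it (v5 allows at most 30).
    if count > 30 or len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "packets": f[5], "bytes": f[6], "proto": f[13]})
    return flows


def top_talkers(datagrams, n=3):
    """Sum bytes per source address over many datagrams, largest first."""
    totals = Counter()
    for d in datagrams:
        for flow in parse_v5(d):
            totals[flow["src"]] += flow["bytes"]
    return totals.most_common(n)


def build_sample(flows):
    """Constructed test input: pack (src, dst, bytes) tuples as a v5 datagram."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, octets in flows:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                           0, 0, 1, octets, 0, 0, 50000, 443, 0, 0, 6, 0, 0, 0, 0, 0, 0)
    return out


# Constructed sample: two LAN hosts talking to documentation-range addresses.
SAMPLE = build_sample([("192.168.1.10", "203.0.113.5", 5000000),
                       ("192.168.1.20", "198.51.100.7", 1200),
                       ("192.168.1.10", "203.0.113.9", 250000)])
```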


Have you considered/used ELK stack with NetFlow module?
I'm also interested in that. The only thing I don't like is that the whole system requires at least 4Gb of RAM. I will be running a small PC with 8Gb of RAM and I don't want half of the resources used for that. I'm thinking is there a way to run just logstash to collect the logs and send them to the whole ELK stack over time.


@alex357, BTW, this thread was 2 years old.


[I don't mind responding to old threads that are still relevant.]

Several people mentioned Elk in a recent NANOG thread (see But they were more interested in enterprise level traffic, so didn't have the constraints that a home PC might have.

My series about Netflow Collectors for Home Networks was more geared toward low-demand systems. I did mention (and got working) nfsen.