While Graylog is primarily a log management platform, it has excellent capabilities for ingesting NetFlow data.
A custom script (30 lines of Python) parsed the binary files every 5 minutes. Instead of overloading a database, we pushed the records into Apache Kafka (running on three tiny VMs). This decoupled the collection from the analysis—if the web UI crashed, we wouldn't lose flows.
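To make the "parse the binary, push records to Kafka" step concrete, here is an added example of the kind of script that sits between the collector and the queue. It is not the script from the original post (whose exact file format is not stated); it assumes the raw input is NetFlow v5 export packets, and it takes the Kafka producer as an injected `send(topic, payload)` callable (with kafka-python that would be `producer.send(topic, value=payload)`) so the parser itself runs offline. The one check worth copying is that the record `count` in the header is never trusted on its own: a spoofed or truncated UDP datagram must not be able to push the parser past the end of the buffer.

```python
import ipaddress
import json
import struct
from typing import Callable, Dict, Iterator

# NetFlow v5 wire layout (assumed input format for this example): a 24-byte
# header followed by up to 30 fixed-size 48-byte flow records, all big-endian.
V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")     # 48 bytes
V5_MAX_RECORDS = 30


def parse_v5_packet(data: bytes) -> Iterator[Dict]:
    """Yield one dict per flow record; reject malformed packets instead of guessing."""
    if len(data) < V5_HEADER.size:
        raise ValueError("packet shorter than a v5 header")
    (version, count, _uptime, unix_secs, _nsecs, flow_seq,
     engine_type, engine_id, _sampling) = V5_HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # The count field is attacker-controlled (UDP, no auth): bound it by the
    # protocol maximum AND by the bytes actually received.
    if count > V5_MAX_RECORDS:
        raise ValueError(f"header claims {count} records, v5 allows at most {V5_MAX_RECORDS}")
    if len(data) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError(f"truncated packet: header claims {count} records")

    offset = V5_HEADER.size
    for _ in range(count):
        (src, dst, nexthop, in_if, out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, tos, src_as, dst_as,
         src_mask, dst_mask, _pad2) = V5_RECORD.unpack_from(data, offset)
        offset += V5_RECORD.size
        yield {
            "exporter_seq": flow_seq,
            "engine": f"{engine_type}/{engine_id}",
            "ts": unix_secs,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "next_hop": str(ipaddress.IPv4Address(nexthop)),
            "in_if": in_if,
            "out_if": out_if,
            "src_port": sport,
            "dst_port": dport,
            "proto": proto,
            "tcp_flags": tcp_flags,
            "packets": pkts,
            "bytes": octets,
            "duration_ms": last - first,
            "src_as": src_as,
            "dst_as": dst_as,
        }


def ship_flows(data: bytes, send: Callable[[str, bytes], None],
               topic: str = "netflow-raw") -> int:
    """Serialize each flow as a JSON line and hand it to the queue producer.

    `send` stands in for a Kafka producer's send(topic, value) (assumption);
    returns the number of records shipped.
    """
    shipped = 0
    for record in parse_v5_packet(data):
        send(topic, json.dumps(record, sort_keys=True).encode("utf-8"))
        shipped += 1
    return shipped


def build_sample_packet() -> bytes:
    """Constructed v5 packet with two flows (synthetic test data, not a capture)."""
    header = V5_HEADER.pack(5, 2, 123456, 1_700_000_000, 0, 42, 0, 0, 0)
    ip = lambda s: int(ipaddress.IPv4Address(s))
    https = V5_RECORD.pack(ip("10.0.0.5"), ip("192.0.2.10"), 0, 1, 2, 10, 1500,
                           1000, 2000, 51234, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    dns = V5_RECORD.pack(ip("10.0.0.7"), ip("192.0.2.20"), 0, 1, 2, 3, 300,
                         1500, 1600, 53111, 53, 0, 0, 17, 0, 0, 0, 24, 24, 0)
    return header + https + dns


def build_truncated_packet() -> bytes:
    """Same two records, but the header claims five: must be rejected, not read past."""
    return V5_HEADER.pack(5, 5, 123456, 1_700_000_000, 0, 43, 0, 0, 0) + build_sample_packet()[V5_HEADER.size:]


if __name__ == "__main__":
    sent = []
    n = ship_flows(build_sample_packet(), lambda t, p: sent.append((t, p)))
    print(f"shipped {n} records to topic {sent[0][0]}")
    for _, payload in sent:
        print(payload.decode())
```

In the real pipeline the producer call is the only thing that changes; everything upstream of `send` can be unit-tested against packets like the constructed one above, which is also where you would add the malformed-packet cases before trusting the script with traffic from an exporter you do not control.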
Small business environments or home labs that only need to monitor a primary router or firewall.
The problem: Commercial collectors (SolarWinds, Scrutinizer, etc.) cost more than our monthly AWS bill. "There's no budget," the CTO declared. "Get creative."