Vision, experience, customer feedback and daily usage are probably the best ways to improve a product, and these were the driving factors that led to this new version.

With more daily usage more bugs come out and get fixed. And don't trust anyone who tells you their software is perfect: we're all human beings and we all make mistakes. The difference lies in being able to admit them.

But hey, enough of this, what's new?

Well, a lot of things. First of all there are a lot of optimizations that led to better responsiveness and more practical use.

A new data output format (CSVFULL) was added to improve integration with SIEMs. This allowed me, for example, to integrate Fl0wer with ELK in a matter of minutes. And in ELK you can do all the nice things that would require months of coding in clueless web frameworks that are old the day after they come out. Oh, and for veteran Unix admins, there's nothing better than a quick'n'dirty grep & awk! BTW, Splunk testing is on the way.

(Figure: ELK quick & dirty example)

I just counted them out of curiosity, and in the Fl0werUI client there are almost 90 different views on your network data. Not bad for an open source Python + Tkinter application!

There are now features that allow you to discover things based on seen Netflow traffic:

  • OSPF, BGP, EIGRP, RIP routers
  • SNMP Clients (you should only have your Network Management station, shouldn't you?) and Agents
  • iSCSI Targets, FTP, TFTP, NFS & CIFS Servers
  • SMTP/SMTPS, POP3/POP3S, IMAP/IMAPS and WebMail servers

Also, if you define a policy of allowed DNS and NTP servers and BGP peers, you can easily see the discrepancies and know who's using servers that are not allowed.
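As an added illustration of the two ideas above (service discovery from flows, and checking flows against a policy of allowed servers and peers), here is a small standalone Python script. It is not Fl0wer code: the CSV column layout and the sample flows are constructed for the example, since the real CSVFULL column set is not shown here.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flows in a simple CSV layout assumed for this example.
# Adapt the column names to the actual CSVFULL export before using it.
SAMPLE_FLOWS = """src,dst,proto,sport,dport
10.0.0.5,10.0.0.1,17,51000,53
10.0.0.7,8.8.8.8,17,52000,53
192.168.1.20,203.0.113.9,17,123,123
10.0.0.9,10.0.0.2,6,40000,179
10.0.0.9,198.51.100.1,6,40001,179
10.0.0.5,10.0.0.1,89,0,0
10.0.0.5,10.0.0.50,17,54000,161
"""

# Policy: the only servers / peers that should ever be seen for these services.
POLICY = {
    "dns": {"10.0.0.1"},
    "ntp": {"10.0.0.1"},
    "bgp_peers": {"10.0.0.2"},
}

# How each service is recognised in a flow: (IP protocol number, destination port).
SERVICES = {
    "dns": (17, 53),        # UDP/53
    "ntp": (17, 123),       # UDP/123
    "bgp_peers": (6, 179),  # TCP/179
}

def find_discrepancies(csv_text, policy=POLICY):
    """Return {service: {(client, server), ...}} for flows to servers not in the policy."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        proto, dport = int(row["proto"]), int(row["dport"])
        for service, (p, port) in SERVICES.items():
            if proto == p and dport == port and row["dst"] not in policy[service]:
                hits[service].add((row["src"], row["dst"]))
    return dict(hits)

def discover_routers(csv_text):
    """Return hosts seen sending OSPF (IP protocol 89) or BGP (TCP/179) traffic."""
    routers = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        proto, dport = int(row["proto"]), int(row["dport"])
        if proto == 89 or (proto == 6 and dport == 179):
            routers.add(row["src"])
    return routers
```

Running it over the sample flags the phone-style NTP query to an outside server, the DNS query to 8.8.8.8 and the BGP session to an unknown peer, while the approved flows stay quiet.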

(Figure: NTP discrepancy) In this example, my phone (joined to my wireless network) is asking this server for NTP time, and I'd like to know why :-) !

Extensive testing was done at a friendly ISP on a 1Gbit line full of Internet traffic, and with a small VM (8Gb and 4 vCPUs) the collecting process sat at about 3.3% CPU while doing CSVFULL export, checking bad reputations against the Talos blacklist, checking for IP bogons and processing an average of 800 FPS.

(Figure: CPU usage for 1Gbit ISP traffic)

Finally, it may seem trivial, but now you can send mail from within Lua scripts to inform you that a certain flow was seen, or whatever else you want.

Yes, this is the collector you were looking for, and more things will come :-)

For any information, just contact me.