Hello,
Mikrotik devices can produce IPFIX data.
Which Debian-installable IPFIX collector would you recommend to collect this data and store it in an SQL database?
Best regards
Hi,
I’ve learned that the v9 & IPFIX data produced by Mikrotik is not entirely correct when it comes to timestamps… (flow start/stop is always 1970-00-00)
I’ve opened a ticket for this some weeks ago but never got any response.
Currently I’m using Netflow v5 which seems to be working correctly.
In terms of tooling I am using the Splunk Addon for netflow.
I’ve also compiled/use the NFDUMP packages to capture netflow data and write them to CSV. This is where I noticed the RouterOS unclarity in the timings.
Thank you very much for replying.
I’ll give nfdump a try.
Thanks again
Correction: I am using the Splunk Addon that processed the Netflow v5 data straight into Splunk.
If you use the NFDUMP tools and write out CSV’s (other possibilities exist also) then you have also quite some options.
I’ve explored if my InfluxDB could be used, but the type of data is not really suited for it. InfluxDB is more for time-series data which Netflow is not really.