The flowd app is a compact and speedy NetFlow collector that guarantees optimum security during data collection.
Flowd supports filtering and tagging of flows, utilising a packet filter-like syntax. It also stores recorded flow data in a compact binary format, which supports runtime choice over which flow fields are stored. Flowd ships with both Perl and Python interfaces for reading and parsing the on-disk record format. The software is licensed under a liberal BSD-like license.
Flowd works with any standard NetFlow exporter, including hardware devices (e.g. routers) or software flow tracking agents, such as the creator's own softflowd and pfflowd. Referring to the README for more information is suggested.
The flowd daemon follows the Unix philosophy of "doing one thing well" and doesn't try to do anything beyond accepting NetFlow packets and storing them in a standard format on disk. It does not include support for storing flows in multiple formats or performing data analysis, leaving such options to external tools. The source distribution includes several example tools, including a basic reporting script and one to store flows in a SQL database.
The latest release of Flowd includes major improvements to performance and functionality. In particular, the flow format has been modified to store more information and be faster to read. Input and output buffering have also been improved, new flow filtering options have been added, and the Python API has been rewritten and extended to be many times faster.
Version 0.9: N/A