Netflow Collector Open Source

ElastiFlow is arguably the most popular open-source solution for NetFlow analysis today. It is not just a collector; it is a full-stack solution built on top of the Elastic Stack (Elasticsearch, Logstash, Kibana).

– Tiny, but production tip: feed output into Vector (observability pipeline) to enrich, sample, then to ClickHouse or Loki. Don't write your own aggregator unless you love off-by-one sequence errors.

Before the era of fancy web dashboards, there was nfdump. It is a set of command-line tools to collect and process NetFlow data. It is incredibly fast and efficient.

: A network device (like a router or firewall) that groups packets into flows and sends records to a central location.

As the ISP grew, Elias realized that old-school collectors couldn't keep up with the sheer volume. He discovered , a modern flow collector that used ClickHouse for high-performance storage and Docker Compose for easy deployment. It didn't just collect data; it enriched it with SNMP interface names and Geo-IP information, turning dry numbers into a map of the world.

: The front-end software that provides dashboards, reports, and alerts based on the collected flow data.

Top Open Source NetFlow Collectors for 2026

– The new hotness. Built by network engineers at OVHCloud. Does flow classification (web, dns, p2p) and interface naming (from SNMP). The killer feature: akvorado-console – a web UI that actually shows which interface on which router is dropping flows. Game changer for troubleshooting.

| Tool | Language | Storage Backend | Superpower | Silent Killer |
|------|----------|----------------|------------|----------------|
| | C | flat files (nfcapd) | Blazing fast CLI queries (`nfdump -R /flows -s bytes`) | Disk I/O death on high pps |
| pmacct | C | MySQL/PgSQL/ClickHouse | BGP-aware, can act as a probe | Complex config (think iptables but for flows) |
| Elastiflow (v4) | Python/Java | Elasticsearch | Beautiful Kibana dashboards out of the box | RAM hog + ES cluster ops pain |
| GoFlow | Go | Kafka or anything | Lightweight, protocol-agnostic | No built-in storage; you build the pipeline |
| Akvorado | Go + ClickHouse | ClickHouse | Built-in Kafka + ClickHouse, amazing L2/L3 visibility | Steep learning curve (docker-compose required) |

"We have a spike on the upstream to Frankfurt," Elias muttered, staring at a basic SNMP graph that showed a flat line at 100% capacity. "But I don't know who's doing it. Is it a DDoS? A backup job? A customer running a rogue BitTorrent node?"

While many tools exist, the following are widely recognized for their performance and community support: