pavel-odintsov / fastnetmon

FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
https://fastnetmon.com
GNU General Public License v2.0

Grafana integration #294

Closed pavel-odintsov closed 7 years ago

pavel-odintsov commented 9 years ago

It's really important! We need good visualization!

guilhermefigueiredo commented 9 years ago

I have integrated fastnetmon + graphite + grafana today.

pavel-odintsov commented 9 years ago

Is it a real attack?

guilhermefigueiredo commented 9 years ago

Hello Pavel!

Some do, some do not. We still have some false positives that we are analyzing, so we still analyze these false positives with nfsen.

pavel-odintsov commented 9 years ago

If you use NetFlow I have a bunch of recommendations against false positives, please ask on the mailing list :)

thomas-mangin commented 9 years ago

For NetFlow we find that long-lasting flows (weeks) can cause big spikes, so we cross-check with link utilisation to prevent false positives.

pavel-odintsov commented 9 years ago

Thomas, thanks for the feedback. Could you offer an example of the cross-check?

thomas-mangin commented 9 years ago

We use a code base similar to exaddos that uses SNMP to pull our transit and peering interfaces. This is displayed on the NOC's screens; we have thresholds which alert when we see unusually high PPS/bandwidth. So we can decide to act on/ignore alerts coming from NetFlow.

pavel-odintsov commented 9 years ago

Thanks! We could try!

But I have another idea behind this:

# In some cases with NetFlow we could get huge bursts related to aggregated data nature
# We could try to get smoother data with this option, i.e. we will divide counters on collection interval time
netflow_divide_counters_on_interval_length = off

Or you could try to use a Lua handler and drop "long" data completely.
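The two mitigations discussed in this thread, dividing NetFlow counters by the flow's own interval length (the `netflow_divide_counters_on_interval_length` idea above) and cross-checking a NetFlow alert against SNMP link utilisation (Thomas's approach), as an added example that is not FastNetMon's own code or the exaddos code base. Function names, thresholds, and the flow and counter samples are constructed for illustration; the timestamp and counter fields mirror NetFlow v9/IPFIX flow start/end and the SNMP ifHCInOctets/ifHighSpeed objects.

```python
# Added example (not FastNetMon code): smoothing long-lasting NetFlow records
# and confirming alerts against SNMP link utilisation. All values constructed.
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FlowRecord:
    """One exported flow record; timestamps are seconds since epoch (constructed)."""
    dst: str
    octets: int
    packets: int
    first: float   # flow start, as carried in NetFlow v9/IPFIX
    last: float    # flow end; long-lived flows are exported only when they end


def flow_rate(rec, divide_on_interval):
    """Return (bits/s, packets/s) attributed to this record at export time.

    Without dividing, the whole flow's counters land in the one-second bucket
    in which the record was exported, so a flow that lasted hours or weeks shows
    up as one enormous spike. Dividing by the flow's own duration spreads the
    counters over the time they were actually observed.
    """
    if not divide_on_interval:
        return rec.octets * 8.0, float(rec.packets)
    duration = max(rec.last - rec.first, 1.0)   # guard against zero-length flows
    return rec.octets * 8.0 / duration, rec.packets / duration


def per_host_rate(records, divide_on_interval):
    """Sum per-destination rates for records exported in the same interval."""
    totals = defaultdict(lambda: [0.0, 0.0])
    for rec in records:
        bps, pps = flow_rate(rec, divide_on_interval)
        totals[rec.dst][0] += bps
        totals[rec.dst][1] += pps
    return {host: tuple(v) for host, v in totals.items()}


def netflow_alerts(records, bps_threshold, divide_on_interval):
    """Hosts whose attributed inbound rate exceeds the bandwidth threshold."""
    rates = per_host_rate(records, divide_on_interval)
    return sorted(h for h, (bps, _) in rates.items() if bps > bps_threshold)


def link_utilisation(octets_prev, octets_now, interval_s, if_high_speed_mbps):
    """Fraction of link capacity in use from two ifHCInOctets samples.

    ifHCInOctets is a 64-bit counter; the modulo keeps the delta correct
    across a counter wrap.
    """
    delta = (octets_now - octets_prev) % (1 << 64)
    bps = delta * 8.0 / interval_s
    return bps / (if_high_speed_mbps * 1_000_000)


def confirmed_alerts(alerts, utilisation_by_link, util_threshold):
    """Act on NetFlow alerts only if some monitored link is unusually busy too."""
    if any(u >= util_threshold for u in utilisation_by_link.values()):
        return list(alerts)
    return []


# Constructed sample: one flow of 1 TB that ran for 100 000 s (~28 h) and was
# exported when it ended, plus an ordinary one-second flow to another host.
RECORDS = [
    FlowRecord("198.51.100.10", octets=1_000_000_000_000, packets=700_000_000,
               first=1_700_000_000, last=1_700_100_000),
    FlowRecord("198.51.100.20", octets=1_500_000, packets=1_000,
               first=1_700_100_000, last=1_700_100_001),
]
BPS_THRESHOLD = 1_000_000_000   # 1 Gbit/s detection threshold (constructed)


if __name__ == "__main__":
    print("raw counters  :", netflow_alerts(RECORDS, BPS_THRESHOLD, False))
    print("divided       :", netflow_alerts(RECORDS, BPS_THRESHOLD, True))
    # Two ifHCInOctets samples 60 s apart on a 10 Gbit/s transit link (constructed).
    util = link_utilisation(0, 6_000_000_000, 60, 10_000)
    print("transit-1 util:", util)
    print("act on alert? :", confirmed_alerts(
        netflow_alerts(RECORDS, BPS_THRESHOLD, False), {"transit-1": util}, 0.7))
```

With raw counters the long flow is attributed 8 Tbit/s to its destination in a single bucket and trips the 1 Gbit/s threshold; divided by its 100 000 s duration it is 80 Mbit/s and does not. The SNMP cross-check independently suppresses the raw alert, because the transit link is only 8% utilised at the moment the NetFlow spike arrives.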

pavel-odintsov commented 7 years ago

We have a few community-contributed Grafana dashboards (please check FastNetMon's mailing list for details).