netflow2ng

module
v0.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 2, 2026 License: MIT

README

netflow2ng

NetFlow v9 collector for ntopng

Tests codeql-analysis.yml golangci-lint

TL;DR

ntopng is a free/commercial NetFlow/sFlow analysis console suitible for a variety of use cases. However, if you want to collect NetFlow or sFlow data and load that into ntopng you currently have no choice but to spend 199Euro on nProbe which in my case is more expensive than the Ubiquiti USG that I wanted to collect NetFlow stats from.

Hence, I created netflow2ng.

Installing
Build From Source
  1. Make sure you have a recent version of go. I used 1.14.2. Older versions may have problems.
  2. git clone https://github.com/synfinatic/netflow2ng.git
  3. cd netflow2ng
  4. make
  5. The binary should now be in the dist directory. Copy it somewhere appropriate and create the necessary startup script(s).
Install via Docker
  1. Pull the repository using git clone https://github.com/synfinatic/netflow2ng.git.
  2. Use the optional docker-compose.yaml file with docker compose up.

Important: When using Docker, you must use host networking due to NAT causing the source port to change for inbound Netflow packets which breaks netflow2ng.

Configuration
  1. For a list of configuration arguments, run netflow2ng -h. As of v0.1.1, netflow2ng defaults to the ntopng TLV format instead of JSON. If you want to use JSON, you must use it with ntopng v6.3 or earlier.
  2. Configure your network device(s) to send NetFlow stats to netflow2ng
  3. Configure your ntopng service to read from netflow2ng: ntopng -i tcp://192.168.1.1:5556 where "192.168.1.1" is the IP address of your netflow2ng server.
Features
  • Collect NetFlow v9 stats from one or more probes
  • Run a ZMQ Publisher for ntopng to collect metrics from
  • Prometheus metrics
  • NetFlow Templates available via /templates HTTP endpoint
Ports

By default, netflow2ng listens on all addresses on the following ports. This can be changed via configuration arguments.

  • NetFlow/IPFIX: 2055
  • ZMQ connections (TCP): 5556
  • Metrics: 8080
NetFlow v9 Support

netflow2ng utilizes goflow2 for NetFlow decoding. For more information on what NetFlow fields are supported in netflow2ng, please read the goflow docs.

sFlow/IPFIX/etc support?

In theory, adding sFlow/IPFIX/NetFlow v5 support should be pretty trivial, but isn't something I plan on doing due to lack of hardware for testing/need.

How is netflow2ng different from nProbe?
  • Not 199Euro
  • Doesn't support any probe features (sniffing traffic directly)
  • Can't write stats to MySQL/disk or act as a NetFlow proxy
  • Not tested with lots of probes or on 10Gbit networks
  • Targeted for Home/SOHO use.
  • No commercial support, etc.
  • May not support the latest versions/features of ntopng
  • Written in GoLang instead of C/C++

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.