In my first blog post, "Log Insight + Netflow = Awesome", I showcased that Log Insight could be used to ingest netflows, showed some graphics, and talked about possibly extending the data found into other products such as vRealize Operations or NSX. I got some comments from people who wanted to learn more, but instead of me continuing to answer the same questions, I have posted the what and how on GitHub. This marks the first GitHub project that I have created. So even though this is not even half baked, not thought through, and very much just for showcasing the possibilities with Log Insight, I have made it publicly available so that everyone can have a go at it. Hopefully in time this will become much more useful.
All content is available on GitHub at this URL: https://github.com/MichaelRyom/LogInsight-Netflow
Below you can see the scripts which have currently been uploaded to the GitHub project, including the Log Insight content pack for Netflow.
Installation guide:
nfcapd:
netflow-clean.sh:
Crontab:
Netflow v0.1.vlcp – This is the content pack for the dashboard and agent configuration that I have been using: