NetFlow2SQL Collector can be used to receive NetFlow packets from 20 Cisco and other routing devices and store their contents into databases on Microsoft SQL and MySQL servers for retrieval and analysis. NetFlow2SQL Collector runs in background as a Windows service, listens traffic data, and records it continuously. The main features of the NetFlow2SQL Collector are: decoding of NetFlow v5 packets; accessing up to ten local and remote SQL servers; creating new SQL tables and dropping old ones; providing user-friendly interface to configure your router list, control the Windows service, and monitor the overall process. The configuration settings are: NetFlow UDP port number, NetFlow router IP address, MSSQL or MySQL server host name, SQL server TCP port number, SQL database name, SQL server user name, SQL server password. NetFlow2SQL Collector automatically creates each month a new table in the given database. The table fields are: Num - record number, FlowSeq - NetFlow sequence counter, DateTime - current count of seconds since 0000 UTC 1970 (Unix time), SrcAddr - source IP address, SrcPort - TCP/UDP source port number, DstAddr - destination IP address, DstPort - TCP/UDP destination port number, NextAddr - IP address of next hop router, Protocol - IP protocol type (TCP, UDP or other), Packets - number of packets in the flow, Bytes - number of bytes in the flow, Input - SNMP index of input interface, Output - SNMP index of output interface. NetFlow2SQL Explorer can be used to explore contents of NetFlow packets stored in MSSQL and MySQL databases by NetFlow2SQL Collector. The program creates a list of SQL servers, databases and tables and allows to retrieve data by following criteria: date, time, source, destination and next IP addresses or their masks, source and destination ports, IP protocol number. Also, it is possible to perform custom queries using WHERE clause search conditions. Fetched rows are shown as a data sheet and can be exported into csv and xls files.
Keywords: network monitoring netflow netflow collector netflow data ip traffic cisco mssql mysql