On Sun, Dec 6, 2009 at 4:39 PM, Joseph L. Casale <JCasale@xxxxxxxxxxxxxxxxx> wrote:
> Anyone got a reco on a package that can collect netflow data and accept user defined queries
> for specific data, like what an ip did every hour for some said interval?

Well, collecting is pretty easy of course - tcpdump. And you can load the files into wireshark to query. Though it is probably not just what you want.

In my old job I set up a sniffer appliance which basically ran tcpdump on any interface except the main interface, and logged it all in circular log files of a certain size. And the directory where these were kept was served out via the web server so that anyone could surf to the box and grab log files to look at.

You may also want to have a look at what ntop can do these days - it has been a few years since I've looked at it.

But of course this all assumes the traffic is visible to your CentOS box. For my sniffer appliance the way to deploy it was that all the other NICs except the main one got plugged into a mirror port on the switch, which mirrored the particular PC we wanted to sniff. In our case this was fine because we only monitored our product which was a VOIP appliance we were developing.

Alternately, running this on your router will pick up most of what you want - but obviously not local LAN traffic.

--
“Don't eat anything you've ever seen advertised on TV” - Michael Pollan, author of "In Defense of Food"
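
The kind of query asked about above (what one IP did in each hour) can be run directly over the capture files tcpdump writes. The following is an added example, not part of the original message: the function names are hypothetical, the three sample packets are constructed, and it assumes classic pcap files (not pcapng) with untagged Ethernet/IPv4 frames.

```python
import struct
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import IPv4Address

def build_sample_pcap():
    """Constructed sample: three Ethernet/IPv4 packets in classic pcap format."""
    def pkt(ts, src, dst, proto, payload_len):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    return (hdr + pkt(1260117540, "192.0.2.10", "198.51.100.5", 17, 100)   # 16:39 UTC, UDP
                + pkt(1260117590, "192.0.2.10", "198.51.100.5", 17, 60)    # 16:39 UTC, UDP
                + pkt(1260121200, "198.51.100.5", "192.0.2.10", 6, 40))    # 17:40 UTC, TCP

def hourly_activity(pcap, ip):
    """Return {hour_utc: {(direction, peer, ip_proto): [packets, ip_bytes]}} for one address."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic microsecond-resolution pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    out = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack_from(endian + "IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                           # truncated frame, or not IPv4
        total_len, proto = struct.unpack_from("!H", frame, 16)[0], frame[23]
        src, dst = str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))
        if ip not in (src, dst):
            continue
        hour = datetime.fromtimestamp(ts - ts % 3600, timezone.utc).strftime("%Y-%m-%d %H:00")
        direction, peer = ("->", dst) if src == ip else ("<-", src)
        entry = out[hour][(direction, peer, proto)]
        entry[0] += 1                          # packet count
        entry[1] += total_len                  # bytes, from the IP total-length field
    return {h: dict(v) for h, v in out.items()}

if __name__ == "__main__":
    print(hourly_activity(build_sample_pcap(), "192.0.2.10"))
```

To run it against a real capture, pass the bytes of one of the rotated files instead of `build_sample_pcap()`.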