The nfdump tools collect and process netflow data on the command line.
They are part of the NfSen project which is explained more detailed at
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-plenary-tue-nfsen-nfdump.pdf
NFDUMP tools overview
All tools support netflow v5 and v7.
nfcapd - netflow capture daemon.
Reads the netflow data from the network and stores the data into files.
Automatically rotate files every n minutes. ( typically ever 5 min )
nfcapd reads netflow v5 and v7 flows transparently. You need one nfcapd
process for each netflow stream.
nfdump - netflow dump.
Reads the netflow data from the files stored by nfcapd. It's syntax is
similar to tcpdump. If you like tcpdump you will like nfdump. Displays
netflow data and can create lots of top N statistics of flows IP
addresses, ports etc ordered by whatever order you like.
nfprofile - netflow profiler.
Reads the netflow data from the files stored by nfcapd. Filters the
netflow data according to the specified filter sets ( profiles ) and
stores the filtered data into files for later use.
nfreplay - netflow replay
Reads the netflow data from the files stored by nfcapd and sends it
over the network to another host.
nfclean.pl - cleanup old data
Sample script to cleanup old data. You may run this script every hour
or so.
fdd4e007d2