The Best Open Source sFlow Collector and Analyzers
UPDATED: January 24, 2024
Open Source sFlow collectors and analyzers can save you a ton of money in software costs and have the added benefit of letting you customize back-end scripts and reports to spit out exactly what you want. Open-source options tend to be far more flexible and customizable and often have features that go far beyond what paid software can do, or could even be expanded to do!
It's also worth considering that open source not only gets to brag about no upfront cost, it also lacks any need for ongoing license fees or sudden expenses as versions shift and current software becomes legacy.
That's where these open-source options come into play – you often lose out slightly on the enterprise level of support and depth of some features, but generally more than make up for it in the variety of features and flexibility of the software itself.
Here is our list of the best open-source sFlow Collector and analyzers:
- sFlow Toolkit – EDITOR’S CHOICE This command line package offers powerful sFlow collection and analysis utilities and it is paired with a free graphical user interface, called sFlowTrend. Available for Windows and Linux. Download this tool for free.
- NfSen This package is a graphical frontend for the nfdump utility. It packages nfdump data into graphs and charts. Runs on Unix, Linux, and macOS.
- Wireshark This free packet analyzer relies on libpcap or WinPcap for packet sniffing and can filter packets down to sFlow data. Available for Windows, Unix, Linux, and macOS.
- FlowViewer A graph generator that is recommended for use with NetFlow collectors but could be adapted to take an sFlow data feed. Runs on Linux, Unix, or Windows.
On the plus side, several open-source suites do offer some paid support and more enterprise-friendly options, which gives you the best of both worlds.
In either case, when dealing with the sorts of networks that heavily utilize sFlow and would thus need to gather data on and analyze it, there's not usually room for much error.
Major issues with network throughput can enormously and negatively affect the performance and availability of applications.
It's strongly advised to be well-versed and familiar with a solid sFlow Collector/Analyzer well before you start having any problems!
Our methodology for selecting sFlow collectors and software
We reviewed the network monitoring tools and software market and analyzed the options based on the following criteria:
- An autodiscovery system to log all network devices
- Types of flows supported
- A facility to analyze network performance over time
- Graphical interpretation of data, such as charts and graphs
- A free trial period, a demo, or a money-back guarantee for no-risk assessment
- A good price that reflects value for money when compared to the functions offered
1. sFlow Toolkit
The screenshot is from the free GUI-based version of sFlow Toolkit but we'll get to that in a moment. sFlow Toolkit is about as basic and barebones as you can get, but its job is simple and it does it elegantly. It's a command-line program that is well-documented and allows you to perform a swift and concise analysis of traffic.
Key Features
- Simple interface
- Easy installation
- Quick collection
Why do we recommend it?
The users of both Linux and Windows systems will like sFlow Toolkit because it provides the power of getting your hands on a command line package and the convenience of accessing a graphical user interface. The system is supplied by InMon Corp, the organization that created the sFlow system.
It utilizes tcpdump, ntop, and Snort interfaces for packet tracing and analysis while also being able to perform NetFlow-compatible collection!
The website has a simple breakdown of its use and thoroughly documented links on the interfaces it calls to and uses.
The second part of the sFlow Toolkit is sFlowTrend, making this something of a double feature. sFlowTrend is a free addition to the sFlow Toolkit that adds a graphical interface to its functionality and enables real-time, active visual tracking of flow data.
Who is it recommended for?
Any network manager who wants to create a bespoke sFlow analytical application could start with this package. The system can be used to create scripts and you can set up a script to run on a timer, so it repeats and provides regular analysis. It is more frequently used for ad-hoc investigations.
Pros:
- Lightweight tool – uses little system resources
- Easy to learn over time
- Provides a simple GUI in conjunction with a CLI
Cons:
- The interface can become cluttered in environments with many VMs and hosts
Download the sFlow Toolkit and sFlowTrend for enhanced network analysis and management.
EDITOR'S CHOICE
sFlow Toolkit is our top pick for an open source sFlow collector and analyzer because this free system provides the dexterity of a command line tool and gives you the option of accessing data through a graphical user interface in the form of the sFlowTrend software. Both of these systems are free to use and if you use Linux, you actually get the source code to compile yourself. That means Linux users can study how the whole sFlow protocol works and maybe even adjust the code or integrate it into a customized automated monitoring tool.
OS: Windows and Linux
2. NfSen
NfSen is a popular open-source option for all manner of network data monitoring – those particularly curious about sFlow traffic will have to be sure to enable the sFlow tracking and analysis specifically, but otherwise can enjoy the full range of NfSen's functionality with it!
Key Features
- Native graphical reporting
- Plugin support
- Extensive data collection capabilities
Why do we recommend it?
If you run Unix, Linux, or macOS, you can access nfdump and NfSen for free and install these utilities on your computer. The nfdump utility accesses NetFlow data from a specific network device. If you have NfSen installed, it will read the input from nfdump and display it in time-series graphs.
Some further configuration is necessary in Debian-based environments for sFlow, but the documentation does a good job leading you the right way for a successful setup and use.
It's simple to set up, besides a few sticklers based on your environment, and basically functions as a graphical front-end for the nfdump portion of netflow tools.
On top of the expected ability to display netflow data, both in real time and over time spans, to view and create histories, and to set alerts, NfSen has a potent, open-ended system that lets you write custom plugins!
As any technician knows, this kind of functionality can save a mountain of work in the long run, for a bit of extra work today, by automating or managing some specific part of your environment that other tools cannot handle.
Who is it recommended for?
This tool doesn’t give you sFlow data. Instead, you get NetFlow statistics from nfdump and NfSen will show this. This duo will appeal to network managers who like to tinker. If you have the time, you can set up your own network bandwidth analyzer. You can even set up alerts for traffic surges with the NfSen package.
Pros:
- Web-based GUI tool – better suited for beginners
- Supports data collection and historical data search
- Users can set up alerts based on thresholds or conditions
Cons:
- Requires PHP and PERL to run
- Only available for Unix and Linux
Enhance your network monitoring by downloading NfSen.
3. Wireshark
Wireshark is already all but infamous for any kind of network traffic or protocol tracking, and as one of the most popular open-source offerings it's incredibly well documented and features are often being added and refined!
Key Features
- Support for virtually all packet data
- Well documented
- Highly detailed reporting capabilities
Why do we recommend it?
Wireshark is the leading packet analyzer and it includes its own filtering and querying language. The system's filters can be applied at the level of data capture and also as a way to sort through all of the captured packets that are shown in the data viewer. There are sFlow filters within the Wireshark query language.
It does take a little extra legwork to get the right kind of data feeding into Wireshark, but the fact that you can simply speaks to the power of the software.
A quick bit of searching can easily point you to some guides on how to capture and set up pipes for filtering sFlow traffic through Wireshark where, by using sflowtool, you can utilize all of Wireshark's amazing features to gather and analyze your sFlow data specifically.
Who is it recommended for?
Most network managers have probably already installed Wireshark on their workstations. The tool is usually used in network management courses. The query language of Wireshark is very extensive and can take a long time to master. So, this package is a more appealing tool for frequent use rather than something to have for occasional ad-hoc investigations.
Pros:
- Massive open-source community keeps the software updated and new features added periodically
- Built by network professionals, for network professionals
- Can save captured packet data for further analysis or archival purposes
Cons:
- Collects massive amounts of data by default – must be sorted and filtered
Access advanced network analysis with Wireshark.
4. FlowViewer
FlowViewer, like several other options, is more of a graphical front-end for existing tools, but a powerful one no less. It's a web-based front-end for two systems the author has brought together to enhance the overall ability to analyze and gather both sFlow and NetFlow alike!
Key Features
- Graphical reporting
- Intuitive interface
- Support for various protocols
Why do we recommend it?
FlowViewer provides graphical representations of flow data provided by other systems that implement packet capture. The notes on the download for this free source code recommend a companion, free system to use as the data collector for NetFlow data or another for IPFIX. However, you could adapt the sFlow Toolkit code to feed data into FlowViewer.
It utilizes the usual flow-tools but combines them with the SiLK toolset under the hood, which enables the newer IPFIX data protocol, in turn bringing IPv6 and the newer Cisco v9 and FNF netflow into the picture!
It's one of those tools that will not often be especially needed or useful given what else is out there, but what it does offer is unique.
It handles gathering and monitoring of flow data, a web-based interface for viewing any collectors from various devices, a snazzy visual front-end, as well as wonderful backwards compatibility.
The setup can be tricky but the functionality is splendid.
Who is it recommended for?
There are many options to implement with this tool, which is similar to sFlowTrend. However, the complexity of going off the instructions sheet and making this an sFlow analyzer instead of a NetFlow system would involve a lot of work. It might just be better to use sFlowTrend instead.
Pros:
- Simple yet informative interface for multiple flows
- Offers a wide variety of backend compatibility with other tools
- Can monitor both sFlow and NetFlow simultaneously
Cons:
- Initial installation can be more challenging than other competing products
Get advanced flow analysis capabilities by downloading FlowViewer.
Conclusion
Open Source sFlow Collectors and analyzers can be very useful if you are looking to save some money on software and licensing fees and need some customizable software at your disposal.
Several of the above tools primarily act as front-ends or add functionality to other existing open-source or command-line focused programs, which is not at all uncommon when you start getting into specific needs like sFlow/NetFlow monitoring, but whatever the case it's lucky that we have options like these to make our lives a lot easier.
When dealing with the extremely high-speed strict environments that maximize the use of sFlow, anything that makes analysis and collection faster, easier, or more convenient in any way is downright invaluable.
Open Source sFlow Collector and Analyzers FAQs
Why is sFlow collection important?
sFlow collection is important for network monitoring and management because it provides detailed information about network traffic, including source and destination IP addresses, packet sizes, and types of applications and protocols being used. This information can be used to identify network performance issues, security threats, and other network-related problems.
How does sFlow collection work?
sFlow collection works by sending sFlow data from sFlow-enabled devices to a central sFlow collector. The sFlow collector receives and processes the sFlow data, which can then be analyzed and visualized using network monitoring and management tools.
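The collector's side of that exchange, as an added example that is not from the original article or from any of the tools it lists: Python code that decodes the header of an sFlow version 5 datagram and indexes the samples it carries. The agent address, counters and interface numbers in the sample datagram are constructed, and every sender-supplied length is bounds-checked because a collector reads these datagrams straight off the network.

```python
import ipaddress
import struct

# Sample formats defined by sFlow v5 for enterprise 0 (the standard structures).
SAMPLE_TYPES = {1: "flow_sample", 2: "counters_sample",
                3: "expanded_flow_sample", 4: "expanded_counters_sample"}

def parse_sflow_v5(datagram: bytes) -> dict:
    """Decode an sFlow v5 datagram header and index the samples it carries."""
    if len(datagram) < 8:
        raise ValueError("datagram too short")
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
    if addr_len is None or len(datagram) < 8 + addr_len + 16:
        raise ValueError("bad agent address or truncated header")
    agent = ipaddress.ip_address(datagram[8:8 + addr_len])
    off = 8 + addr_len
    sub_agent, seq, uptime_ms, count = struct.unpack_from("!IIII", datagram, off)
    off += 16
    samples = []
    for _ in range(count):
        # Every length comes from the sender, so check it before reading.
        if off + 8 > len(datagram):
            raise ValueError("truncated sample header")
        tag, length = struct.unpack_from("!II", datagram, off)
        off += 8
        if off + length > len(datagram):
            raise ValueError("sample length overruns datagram")
        enterprise, fmt = tag >> 12, tag & 0xFFF
        info = {"type": SAMPLE_TYPES.get(fmt, "unknown") if enterprise == 0 else "vendor",
                "length": length}
        if enterprise == 0 and fmt == 1 and length >= 12:
            # A flow_sample body starts: sequence, source_id, sampling_rate.
            info["sampling_rate"] = struct.unpack_from("!III", datagram, off)[2]
        samples.append(info)
        off += length
    return {"agent": str(agent), "sub_agent": sub_agent, "sequence": seq,
            "uptime_ms": uptime_ms, "samples": samples}

def build_sample_datagram() -> bytes:
    """Constructed test input: one flow sample (no records) and one counter sample."""
    flow = struct.pack("!8I", 1, 3, 1024, 4096, 0, 3, 5, 0)
    counters = struct.pack("!3I", 1, 3, 0)
    header = struct.pack("!II4s4I", 5, 1, ipaddress.ip_address("192.0.2.10").packed,
                         0, 7, 60000, 2)
    return (header + struct.pack("!II", 1, len(flow)) + flow
            + struct.pack("!II", 2, len(counters)) + counters)
```

Calling `parse_sflow_v5(build_sample_datagram())` returns the agent address, datagram sequence number and one entry per sample; a truncated or over-long datagram raises `ValueError` instead of being partially decoded.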
What are the benefits of using sFlow collection?
The benefits of using sFlow collection include real-time visibility into network activity, improved network performance and security, and reduced costs associated with network troubleshooting and management. sFlow collection provides detailed information about network traffic, which can be used to identify performance bottlenecks, detect security threats, and optimize network configuration.