NFSEN is enhanced with capabilities for generating graphs and reports considering autonomous system names and protocol names.

1. Graph generation
2. Report generation
3. IP-based report generation

Before generating a graph, ensure that at least one day's worth of statistics has been accumulated.

For your convenience, we have created scripts that automatically calculate the top N protocols (or directions - autonomous systems) and create a profile where each is highlighted with its own color.

Run the script to create a profile with top protocols

/usr/local/nfsen/bin/create_top_protocols --consumers 8 --divide-up-down --profile-name top_8_protocols

where consumers 8 - number of protocols displayed on the graph (maximum 10)
divide-up-down - means incoming and outgoing traffic will be displayed separately relative to the zero axis
profile-name top_8_protocols - name of the created profile¹⁾

As a result of the script, the profile top_8_protocols will be created, where the top 8 protocols by volume will be highlighted in different colors on the graphs: Protocols not in the top will be combined into "others" under a common color on the graph
This profile is convenient for generating protocol reports, as indicated in the section Report Generation

Furthermore, on the graphs, you can leave only the protocols we are interested in by unchecking the boxes next to "extra" protocols in the Statistics section (located below the graphs).
Example: only torrents are left on the graph

Similarly, to create a profile with top directions, run the script:

/usr/local/nfsen/bin/create_top_directions --consumers 10 --divide-up-down --profile-name top_10_directions

As a result, the profile top_10_directions will be created, where you can, for example, visually observe the difference in traffic volume to GOOGLE and VKONTAKTE services

Select the live profile (profile is selected in the upper right corner) or, if you previously created a separate profile with top directions, as indicated in the section Graph Generation, then select it.

To create a report on autonomous systems, click the Details tab in the very top row and select on the graph the required period (Time Window) or move the slider to the investigated moment in time (Single Timeslot)

Now in the Options section (under Netflow Processing), select the type of desired report:

where Stat TopN - list of top directions
Top: 10 - number of elements in the top
Stat: Any AS Name/SRC AS Name or DST AS Name - consider all traffic or only in one direction
Order By: bytes - calculate top by data volume
and press the Process button.
For the live profile, you must also select only Source: directions

As a result, a report on top data transmission directions will be prepared

Similarly, when selecting Source: protocols or a separate profile with top protocols, you can generate reports on protocols in both or one of the directions DPI Protocol/IN DPI Protocol/OUT DPI Protocol

1. Add a new data receiver to the nfsen configuration

vi /usr/local/nfsen/etc/nfsen.conf
 
%sources = (
'protocols' => { 'port' => '9997', 'col' => '#00ff00', 'type' => 'netflow' },
'directions' => { 'port' => '9998', 'col' => '#ffff00', 'type' => 'netflow' },
'full' => { 'port' => '9999', 'col' => '#114422', 'type' => 'netflow' }
);

2. Activate changes in the configuration

/usr/local/nfsen/bin/nfsen reconfig

3. Allow udp reception on port 9999 in iptables

vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m udp -p udp --dport 9999 -j ACCEPT
service iptables restart

4. Activate full netflow sending to the created collector on dpi (in addition to protocol and direction collectors)

vi /etc/dpi/fastdpi.conf
netflow=11
netflow_full_collector=127.0.0.1:9999
netflow_passive_timeout=20
netflow_active_timeout=60  
service fastdpi restart

nfsen is not the best tool for investigating full netflow but it allows generating simple reports (section on the Netflow Processing page, for example, top by ip)

In full netflow, the original port number is transmitted by default, therefore, protocol reports do not work. To activate encoding protocol information in the port number, enable the setting netflow_full_port_swap=1