

It was actually my first attempt at Docker. I have a nifty Dockerfile that compiles the latest version and spits out a fully functional minimal image just containing the flow monitor and web server. It's much more lightweight than ElastiFlow in terms of hardware, considering I have it running on a Raspberry Pi 4 Docker host. It ain't pretty but I never have issues with it functioning.

The storage you allocate dictates the retention duration and it's constant-sized, so you can slap it on a purpose-sized disk and forget it if you never expand your scope. By comparison, NfSen stores flow data in RRD records, which are a native rolling time series database. It's been around quite a while but it just works. If you're feeling adventurous, you can try NfSen. So the more data you gather without aging via an ILM policy or rolling up, the more disk and memory it will eat up. You're also dealing with Elasticsearch, which is by definition an in-memory index of the flow data. ElastiFlow is quite nice but very resource-intensive due to the Java underpinnings.
