I've been reading the posts here quite a bit about setting up netflow, nprobe, and ntopng. I found that the demo version of nprobe is probably sufficient for our use based on the flow count, so that is good. I tried nfsen, but that seemed to really only be a higher-level view, not getting down into who was doing what, which is the kind of information I really want.
I also saw in some posts how you can set a different "engine id" for ingress and egress traffic, but I don't know quite how to get that information carried over to nprobe and/or ntopng so that it reflects it properly. So what I see in flows and such doesn't seem accurate because the graphs show all traffic as egress.
Also, as for adjusting the edgerouter netflow timing values to best match what ntopng/nprobe expects, those would be helpful as well to provide as close to a "real time" kind of experience.
I still am not finding it easy to view any historical data in ntopng, but that is really a separate issue and maybe not even something the community version does. My hope is primarily just to be able to track what is happening on the network, both as a snapshot and historically, to know who has been using how much bandwidth and what kind of connections they are making.
If anyone had a good working sample config they could share, it would be awesome.