Sign inDemoInstall

Package Overview
File Explorer

Install Socket

Detect and block malicious and high-risk dependencies


Package main is the main package of tflow2

Version published




CircleCI Codecov Go ReportCard

tflow2 is an in memory netflow version 9, IPFIX and Sflow analyzer. It is designed for fast arbitrary queries and exports data to Prometheus.


Quick install with go get -u and go build or download a pre-built binary from the releases page.

The release binaries have an additional command, tflow2 -version, which reports the release version.

Once you start the main binary it will start reading netflow version 9 packets on port 2055 UDP and IPFIX packets on port 4739 on all interfaces. For user interaction it starts a webserver on port 4444 TCP on all interfaces.

The webinterface allows you to run queries against the collected data. Start time and router are mandatory criteria. If you don't provide any of these you will always receive an empty result.

Config file

There is YAML file as config. Defaults can be found in config-example.yml. You'll at least need to add your Netflow/IPFIX/Sflow agents and adjust (if you don't want to work with interface IDs) your SNMP RO community.

Command line arguments


Will send logs to stderr on top.


This is the amount of elements that any channel within the program can buffer.


This is the amount of workers that are used to add flows into the in memory database.


when logging hits line file:N, emit a stack trace (default :0).


If non-empty, write log files in this directory.


log to standard error instead of files.


Samplerate of your routers. This is used to deviate real packet and volume rates in case you use sampling.


Num of go routines reading and parsing netflow packets (default 24).


logs at or above this threshold go to stderr.

-v value

log level for V logs.

-vmodule value

comma-separated list of pattern=N settings for file-filtered logging.


Please be aware this software is not platform independent. It will only work on little endian machines (such as x86)


(c) Google, EXARING, Oliver Herms, 2017. Licensed under Apache-2 license.

This is not an official Google product.


Last updated on 22 Jan 2020

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc