As I said already ( here and here ) for gathering Netflow data, especially with security in mind, I deem Nfsen/nfdump to be the best. And with some easy 2-minutes tweaking I can always make it do exactly what I want. By default when you configure Cisco to export both ingress and egress Netflow data from the interface Nfdump/Nfsen will accept and process it fine BUT ... will show it on the same timeline with the same color and so overlapping over each other. That means you will see only the largest values. To fix it you create additional (from Live) profile with separate Channels, each representing direction of the traffic - inbound or outbound. Then for each channel you set appropriate filter - IN for incoming traffic , OUT for outgoing traffic (all respective to the interface being monitored), followed by SNMP ifIndex of the interface in the router. Picture is worth 1024 words they say , so see below screenshots how I did it for one of my clients.
- Nfdump netflow/sflow cookbook of examples
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.