Looking for a free or Open Source NetFlow solution!

Hello everyone. I recently received my Ubiquiti EdgeRouter Lite, and I love it. Low power, silent, maxes by bandwidth, great firewall and DNAT/SNAT rules, routing, QOS, and VPN. Everything I need, except for historical bandwidth monitoring. It does real time/current TX and RX reporting, which is great, but I like to see my bandwidth on a hourly, weekly, and monthly basis. The EdgeRouter Lite does support sFlow and NetFlow, and I have heard that NetFlow will provide data better than sFlow. It supports NetFlow v9, which is what I am wanting to use, but I am new to setting it up and using it.

I currently have PRTG in place (free version with 10 sensors), and NetFlow data is being received from my ERL. However, my ERL is reporting 5Mbps TX on my WAN interface (running online backups right now) but PRTG is only reporting 102Kbps, which is obviously way wrong. I'm looking for an alternate free solution, and asking for suggestions. Should I be looking at sFlow as well or is NetFlow superior to that?

Thanks!

i don't know how good it is or if it's still under development, but cflowd was a free netflow collector that existed like 8 years ago.

also, doesn't MRTG do something like this?

Does your ubiquiti box support SNMP? you can poll the interface using SNMP and have an application keep track of the data received. Just another way to do it.

Flow statistics is new to me, but it's my understanding that SNMP could give me bandwidth statistics, which is primarily what I want but Flow (NetFlow or sFlow) could give me more such as what L7 application or what port the traffic is.

MRTG does SNMP, but I don't think it supports NetFlow v9, which is really want I am wanting to use. I will check into cflowd in the morning as well, so thanks.

You have to set the flow timeout's on PRTG to be correct. (i.e same on the router as in PRTG)

Personally, I've not used a free on I like. PRTG and Cactii are both meh when it comes to netflow.

Yeah, I have tried several different timeout settings, but I could never figure out what the right settings should be. The timeout options on the ERL are:
expiry-interval
Expiry scan interval

flow-generic
Generic flow timeout value

icmp
ICMP timeout value

max-active-life
Max active timeout value

tcp-fin
TCP finish timeout value

tcp-generic
TCP generic timeout value

tcp-rst
TCP reset timeout value

udp
UDP timeout value

For open source, nTop is popular. Though I'm a fan of nfsen/nfdump, which is what I use at work.

I have decided to go with OpenNMS for SNMP monitoring (will eventually deploy network wide for server monitoring as well) and Scrutinizer for NetFlow statistics.