Open Source sFlow collectors and analyzers can save you a ton of money in software costs and have the added benefit of letting you customize back-end scripts and reports to spit out exactly what you want.
Open-source options tend to be far more flexible and customizable, and often have features that go far beyond what paid software can do, or could even be expanded to do! It's also worth considering that open source not only gets to brag about no up-front cost, it also lacks any need for ongoing license fees or sudden expenses as versions shift and current software becomes legacy.
That's where these open-source options come into play – you often lose out slightly on the enterprise level of support and depth of some features, but generally more than make up for it in the variety of features and flexibility of the software itself. On the plus side, several open-source suites do offer some paid support and more enterprise-friendly options, which gives you the best of both worlds.
In either case, when dealing with the sorts of networks that heavily utilize sFlow and thus need that data gathered and analyzed, there's not usually much room for error. Major issues with throughput can enormously, and negatively, affect the performance and availability of applications. It's strongly advised to be well versed in a solid sFlow Collector/Analyzer well before you start having any problems!
The screenshot is from the free GUI-based version of sFlow Toolkit but we'll get to that in a moment. sFlow Toolkit is about as basic and barebones as you can get, but its job is simple and it does it elegantly. It's a command-line program that is well documented and allows you to perform a swift and concise analysis of traffic.
It utilizes tcpdump, ntop, and Snort interfaces for packet tracing and analysis while also being able to perform NetFlow-compatible collection! The website has a simple breakdown of its use and thoroughly documented links on the interfaces it calls and uses.
The second part to the sFlow Toolkit is sFlowTrend, making this something of a double feature. sFlowTrend is a free addition to the sFlow Toolkit that adds a graphical interface to its functionality and enables real-time, active visual tracking of flow data.
NfSen is a popular open-source option for all manner of network data monitoring – those particularly curious about sFlow traffic will have to be sure to enable the sFlow tracking and analysis specifically, but otherwise can enjoy the full range of NfSen's functionality with it!
Some further configuration is necessary in Debian-based environments for sFlow, but the documentation does a good job leading you the right way for a successful setup and use. It's simple to set up, besides a few sticklers based on your environment, and basically functions as a graphical front-end for the nfdump portion of netflow tools.
On top of the expected ability to display netflow data, both in real time and over time spans, to view and create histories, and to set alerts, NfSen has a potent, open-ended system for writing custom plugins! As any technician knows, this kind of functionality can save a mountain of work in the long run, with a bit of extra work today, by automating or managing some specific part of your environment that other tools cannot handle.
Wireshark is already all but infamous for any kind of network traffic or protocol tracking, and as one of the most popular open-source offerings it's incredibly well documented, with features often being added and refined! It does take a little extra legwork to get the right kind of data feeding into Wireshark, but the fact that you can simply speaks to the power of the software.
A quick bit of searching can easily point you to some guides on how to capture and set up pipes for filtering sFlow traffic through Wireshark where, by using sflowtool, you can utilize all of Wireshark's amazing features to gather and analyze your sFlow data specifically.
FlowViewer, like several other options, is more of a graphical front-end for existing tools, but a powerful one no less. It's a web-based front-end for two systems the author has brought together to enhance the overall ability to gather and analyze both sFlow and NetFlow alike! It utilizes the usual flow-tools but combines that with the SiLK toolset under the hood, which enables the newer IPFIX data protocol, in turn bringing IPv6 and the newer Cisco v9 and FNF NetFlow into the picture!
It's one of those tools that will not often be especially needed or useful given what else is out there, but what it does offer is unique. It provides gathering and monitoring of flow data, a web-based interface for viewing any collectors from various devices, a snazzy visual front-end, as well as wonderful backwards compatibility. The setup can be tricky but the functionality is splendid.
Open Source sFlow collectors and analyzers can be very useful if you're looking to save some money on software and licensing fees and need some customizable software at your disposal.
Several of the above tools primarily act as front-ends or add functionality to other existing open-source or command-line focused programs, which is not at all uncommon when you start getting into specific needs like sFlow/NetFlow monitoring, but whatever the case it's lucky that we have options like these to make our lives a lot easier.
When dealing with the extremely high-speed strict environments that maximize the use of sFlow, anything that makes analysis and collection faster, easier, or more convenient in any way is downright invaluable.