There's a gap in open-source network telemetry. Enterprise platforms require Kafka and ClickHouse. Simple collectors forward raw packets and leave analysis to you. Flodar sits in between — a single binary that ingests NetFlow v5/v9 and IPFIX from your router, computes sliding-window traffic analytics, detects common attack patterns, and exposes everything to Prometheus and Grafana. Local flow and alert history in DuckDB and SQLite. Webhook delivery for real-time notifications. Runs on the hardware you have.
docker run -p 2055:2055/udp -p 9090:9090 ghcr.io/rohitkochhar/flodar:latest

Then open http://localhost:9090/health and http://localhost:9090/metrics.
cargo build --release
./target/release/flodar

Flodar is configured via flodar.toml. Most settings have sensible defaults — the minimal config below is enough to get started.
[collector]
bind_address = "0.0.0.0"
bind_port = 2055
[logging]
level = "info"
format = "pretty"

See docs/configuration.md for all options.
The grafana/ directory contains a provisioned dashboard and datasource. Point Grafana at the grafana/provisioning directory to load them automatically — no manual import required. See docs/metrics.md for the full metric reference.
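
A smoke test for the collector started above, as an added example that is not part of the Flodar project: it encodes a constructed NetFlow v5 export datagram (the standard 24-byte header plus one 48-byte record) and sends it to UDP port 2055 on localhost. The `Flow` struct, `encode_v5` and every sample value are assumptions made for illustration.

```rust
use std::net::{Ipv4Addr, UdpSocket};

/// One constructed flow; record fields not listed here are sent as zero.
pub struct Flow {
    pub src: Ipv4Addr,
    pub dst: Ipv4Addr,
    pub src_port: u16,
    pub dst_port: u16,
    pub proto: u8,
    pub packets: u32,
    pub octets: u32,
}

/// Encode a NetFlow v5 datagram: 24-byte header, then 48 bytes per record,
/// all integers big-endian. A v5 datagram carries at most 30 records.
pub fn encode_v5(flows: &[Flow], uptime_ms: u32, unix_secs: u32, seq: u32) -> Vec<u8> {
    let mut b = Vec::with_capacity(24 + 48 * flows.len());
    b.extend_from_slice(&5u16.to_be_bytes()); // version
    b.extend_from_slice(&(flows.len() as u16).to_be_bytes()); // count
    b.extend_from_slice(&uptime_ms.to_be_bytes()); // sys_uptime
    b.extend_from_slice(&unix_secs.to_be_bytes()); // unix_secs
    b.extend_from_slice(&0u32.to_be_bytes()); // unix_nsecs
    b.extend_from_slice(&seq.to_be_bytes()); // flow_sequence
    b.extend_from_slice(&[0u8; 4]); // engine_type, engine_id, sampling_interval
    for f in flows {
        b.extend_from_slice(&f.src.octets());
        b.extend_from_slice(&f.dst.octets());
        b.extend_from_slice(&[0u8; 8]); // nexthop, input and output ifIndex
        b.extend_from_slice(&f.packets.to_be_bytes());
        b.extend_from_slice(&f.octets.to_be_bytes());
        b.extend_from_slice(&uptime_ms.saturating_sub(1000).to_be_bytes()); // first
        b.extend_from_slice(&uptime_ms.to_be_bytes()); // last
        b.extend_from_slice(&f.src_port.to_be_bytes());
        b.extend_from_slice(&f.dst_port.to_be_bytes());
        let flags = if f.proto == 6 { 0x18 } else { 0 }; // PSH|ACK for TCP only
        b.extend_from_slice(&[0, flags, f.proto, 0]); // pad1, tcp_flags, prot, tos
        b.extend_from_slice(&[0u8; 8]); // src_as, dst_as, src_mask, dst_mask, pad2
    }
    b
}

fn main() -> std::io::Result<()> {
    // Constructed sample flow using documentation address ranges.
    let flow = Flow { src: Ipv4Addr::new(192, 0, 2, 10), dst: Ipv4Addr::new(198, 51, 100, 20),
        src_port: 51514, dst_port: 443, proto: 6, packets: 12, octets: 9000 };
    let pkt = encode_v5(&[flow], 60_000, 1_700_000_000, 1);
    UdpSocket::bind("127.0.0.1:0")?.send_to(&pkt, "127.0.0.1:2055")?;
    println!("sent {} bytes", pkt.len());
    Ok(())
}
```

After sending, check http://localhost:9090/metrics for the flow; metric names are listed in docs/metrics.md.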