    Real-time IP traffic monitoring w/o Netflow -- what do you use?


I am wondering what people use for real-time monitoring of data feeds or data streams, without using Netflow. For example, I currently have 2 Linux boxes that run a collection of tcpstat processes, with each process running a different filter for traffic from various sources. The tcpstat information is piped to a Perl script that sends the info to a MySQL database on a different box. The database is accessed through a PHP webpage that allows me to select the data based on the source/dest IP of the tcpstat filter I'm interested in. It's not a horrible system, but it's not ideal. I tried using Netflow, but NTA does not have the ability to create filters based on specific source/dest IPs.