Hello again
After passing a few days, I think this feature is necessary for one monitoring solution. So I want to add this feature to zabbix or maybe contribute to zabbix community for develop this feature. before any decision about adding this feature(or better, name it as module) any suggestion or recommendation will be appreciated.
First of all, I start with some question :
1- use of open source NetFlow(IPFIX) collector,if so, which one opensource. or redesign another new one ?
2- apparently for joining to Zabbix it's needed to some modification on opensource daemon so, what programming language do we use ?
3- structure if database for storing NetFlow data
4- required options for web interface that will be in php.

Thanks for more suggestions

I've been thinking about this for a while. Unfortunately the Zabbix database and current design does not lend itself to easily work with network flow data. The exception would be for statically monitored data sets, such as wanting to know the flow of a specific host on specific ports. Dynamicly monitoring network flow data in a manner similar to NTop would be very difficult to do with the current database model for Zabbix.

One idea I have been batting around would be designing a separate program which can be used for monitoring network flow data in a manner similar to NTop, and have it tightly integrate into the Zabbix UI and the Zabbix triggering system. The integration with the Zabbix server for tiggers would require some work as the Zabbix codebase has no concept of talking to external modules. Due to the highly concurrent nature of network flow data on a large scale I was thinking Erlang would lend itself well to this task and a NoSQL database similar to CouchDB would be suitable for the data backed storage.