I'm planning to set up NetFlow in my environment within the next few weeks, so far two suites that look promising to me are "flow-tools" and "SiLK". Anyone have any input on which would be better to use (or maybe some other product)?
-Wil
This would be a lot easier to answer if you explained how big a site you
are, and what your goals are - what do you want netflow data to do for you?
It's hard to say which tool is better, when we don't know if we're dealing
with a nail or a nut-and-bolt....
Hi, Wil.
] I'm planning to set up NetFlow in my environment within the next few
] weeks...
I much prefer nfsen/nfdump. This suite maintains data over the long
term, has both a command line and a graphical interface, and is easy
to configure and maintain. The developer is also very open to
suggestions and quick to assist.
<http://nfsen.sourceforge.net/>
Thanks,
Rob.
Thanks for all of the responses!
So the goal is to be able to monitor flows real time as well as historically, set up triggers when specific criteria is met, and nice graphs are always a definate plus. Site consists of 4 6509's with a 95th percentile of about 120MBits, along with about 30 other various devices along the way.
I've set up a pretty default installation of nfdump, seems reasonable. Already have found some stuff that seems out of the norm, I'll probably start another thread about that shortly.
I am looking forward to getting nfsen up and running probably within the next couple of days.
-Wil