Jon,

Actually ntop is what we're trying to move off of. It's a great tool, but we needed more data and more flexibility.
We looked at Q1Labs QRadar as well, but couldn't afford it. nSight appears to be somewhere in the middle.

On 7/28/05, Jon Dossey <[EMAIL PROTECTED]> wrote:
> > Hi list,
> >
> > I tried sending this to a SecurityFocus list but I think everyone's at
> > Blackhat or something. :)
> >
> > We've spent the last few weeks evaluating nSight (www.intrusense.com).
> > It's been very helpful in identifying exactly what, when and who is
> > eating up all of our internal network bandwidth as well as exposing some
> > 'strange' internal network behavior which was causing some
> > intermittent problems with our Windows hosts. Anyways, we're now
> > considering making a purchase.
> >
> > I'm curious to hear any opinions, problems or praise people have for
> > this software. Does it scale well? It seems to collect a lot of
> > information. How does it perform after collecting several months' worth
> > of data?
> >
> > -jason
>
> I'm a big fan of NTOP (http://www.ntop.org) personally.
>
> Just span some ports on a core switch, set up your netflows, and watch
> the fireworks. Great piece of software. Just need to remember the
> PF_RING kernel patch if you're capturing a significant amount of
> traffic.
>
> .jon

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
