There are three things I've not found together in any netflow analysis products that I've tried so far:

1) A host on my network is receiving traffic from hundreds of remote hosts out on the Internet. I'd like to have some way of noticing that this is happening so that I can take a closer look at what that host is doing. For example, it would be fine if I could see a table of hosts that's sorted according to how many remote hosts it's receiving traffic from... or even a threshold alert.

2) There's a pretty huge spike in inbound traffic coming in over one of my ISPs. I'd like to look at the most traffic-intense flows that are coming inbound over that particular router interface to see what's going on.

3) I want to know which 10 hosts on my network are sucking the most traffic from the Internet.

Has anyone else already found a good way to answer those three questions using an off-the-shelf product? Most netflow analyzers that I've looked at only do a good job at answering question #3. Some handle #2 decently. Question #1 is the holy grail at this point.

Motivation: I'd like to get out of the business of maintaining my own Netflow analyzer, mostly because I don't have all month to put into figuring out how to get it to keep up with the volume of netflow records that my network now produces. When the company was about half its current size, I could easily stuff all the incoming records into MySQL and use SQL queries to generate whatever output I wanted. Now, my homebrew netflow analyzer simply cannot keep up with the volume of records that my network generates. Products that I've looked at have the exact opposite problem: They can keep up, but the ability to learn what I want from them is very limited.

===
Jeremy Charles
Epic - Computer and Technology Services Division
[email protected]
Phone: 608-271-9000
Fax: 608-271-7237

_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
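
Added example, not part of the original message and not taken from any product: a single-pass aggregation that answers the three questions above without storing each record. It assumes flow records have already been decoded into `(src, dst, input_ifindex, bytes)` tuples; the internal prefix, the interface index, the threshold and all sample records are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: internal address space; substitute your own prefixes.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def analyze(flows, isp_ifindex, fan_in_threshold=100, top_n=10):
    """One pass over (src, dst, input_ifindex, bytes) tuples, no per-record storage."""
    peers = defaultdict(set)     # Q1: internal host -> distinct remote sources
    if_flows = defaultdict(int)  # Q2: (src, dst) -> bytes arriving on the ISP interface
    inbound = defaultdict(int)   # Q3: internal host -> bytes received from outside
    for src, dst, in_if, nbytes in flows:
        if is_internal(src) or not is_internal(dst):
            continue  # keep only Internet -> internal traffic
        peers[dst].add(src)
        inbound[dst] += nbytes
        if in_if == isp_ifindex:
            if_flows[(src, dst)] += nbytes
    fan_in = sorted(((h, len(s)) for h, s in peers.items()),
                    key=lambda kv: (-kv[1], kv[0]))
    by_bytes = lambda kv: -kv[1]
    return {
        "fan_in": fan_in,
        "alerts": [h for h, n in fan_in if n >= fan_in_threshold],
        "top_flows": sorted(if_flows.items(), key=by_bytes)[:top_n],
        "top_hosts": sorted(inbound.items(), key=by_bytes)[:top_n],
    }

def sample_flows():
    """Constructed records (documentation address ranges), not real traffic."""
    flows = [(f"198.51.100.{i}", "10.1.1.5", 2, 400) for i in range(1, 151)]
    flows += [
        ("203.0.113.7", "10.1.1.9", 2, 5_000_000),  # bulk transfer, ISP interface 2
        ("203.0.113.7", "10.1.1.9", 2, 3_000_000),  # same pair, aggregated with the above
        ("203.0.113.8", "10.1.1.9", 3, 1_000_000),  # arrives via a different interface
        ("10.1.1.9", "10.1.1.5", 1, 999),           # internal-to-internal, ignored
        ("10.1.1.5", "198.51.100.1", 1, 100),       # outbound, ignored
    ]
    return flows

if __name__ == "__main__":
    report = analyze(sample_flows(), isp_ifindex=2)
    print("fan-in alerts:", report["alerts"])
    print("top flows on ifindex 2:", report["top_flows"][:3])
    print("top inbound hosts:", report["top_hosts"])
```

Memory here grows with the number of distinct (internal host, remote source) pairs rather than with the number of records, so running it per time window keeps the state bounded.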
