On 2/12/2011 1:54 PM, Mark D. Nagel wrote:
On 2/7/2011 4:02 PM, Jeremy Charles wrote:
There are three things I've not found together in any netflow
analysis products that I've tried so far:
1) A host on my network is receiving traffic from hundreds of remote
hosts out on the Internet. I'd like to have some way of noticing
that this is happening so that I can take a closer look at what that
host is doing. For example, it would be fine if I could see a table
of hosts that's sorted according to how many remote hosts it's
receiving traffic from... or even a threshold alert.
Most netflow analyzers that I've looked at only do a good job at
answering question #3. Some handle #2 decently. Question #1 is the
holy grail at this point.
Hot dog. I just downloaded ManageEngine Netflow Analyzer Pro (30 day
trial) last night from the sflow.org page link and
1) it is one of the very, very few that supports Linux (it does run Java
though and between Java, MySQL, and SNMP is a bit of a memory hog. Plan
on having 1G available)
2) In just a few hours I set up a bunch of host, network, and service
groups (very flexible)
3) I can get top talkers to any arbitrary combination of host, network,
conversations, pie charts, protocol breakdowns, etc. This is what I was
really looking for.
4) it will generate alerts when you plug in your thresholds based upon
utilization (you specify the bandwidth number and the percent), number
of times and number of minutes. It does email and traps. This is gravy.
So far, I like it! And/But I've only been playing with it for a few hours.
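
The fan-in report asked for in question #1 of the quoted message (local hosts ranked by how many distinct remote hosts send them traffic, plus a threshold alert) can be sketched as follows. This is an added example, not part of the thread and not ManageEngine's implementation; the `src,dst,bytes` line format, the 192.0.2.0/24 local network, the sample records and the threshold of 100 are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the local network is 192.0.2.0/24 (a documentation range).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")

def parse(lines):
    """Yield (src, dst) address pairs from 'src,dst,bytes' lines, skipping bad ones."""
    for line in lines:
        fields = line.strip().split(",")
        if len(fields) != 3:
            continue
        try:
            yield ipaddress.ip_address(fields[0]), ipaddress.ip_address(fields[1])
        except ValueError:
            continue

def fan_in(lines, local_net=LOCAL_NET):
    """Map each local host to the set of distinct remote hosts sending to it."""
    peers = defaultdict(set)
    for src, dst in parse(lines):
        if dst in local_net and src not in local_net:  # inbound from outside only
            peers[str(dst)].add(src)
    return peers

def ranked(peers):
    """(host, distinct remote count) rows, highest count first."""
    return sorted(((h, len(s)) for h, s in peers.items()), key=lambda r: (-r[1], r[0]))

def alerts(peers, threshold):
    """Local hosts receiving from at least `threshold` distinct remote hosts."""
    return [h for h, n in ranked(peers) if n >= threshold]

# Constructed sample: 200 remote sources hit 192.0.2.10; 192.0.2.20 sees 2.
SAMPLE = [f"198.51.100.{i},192.0.2.10,400" for i in range(1, 201)]
SAMPLE += [
    "198.51.100.1,192.0.2.10,900",    # repeat source, counted once
    "203.0.113.5,192.0.2.20,1200",
    "203.0.113.6,192.0.2.20,64",
    "192.0.2.30,192.0.2.20,5000",     # local-to-local, ignored
    "192.0.2.10,203.0.113.5,80",      # outbound, ignored
    "not-an-ip,192.0.2.20,10",        # malformed, skipped
]

if __name__ == "__main__":
    table = fan_in(SAMPLE)
    for host, count in ranked(table):
        print(f"{host:15} {count}")
    print("alert:", alerts(table, threshold=100))
```

Counting distinct sources rather than bytes or flows is what separates this report from a top-talkers table: a host contacted by hundreds of remote addresses stands out even when each flow is tiny.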