
NetFlow Recommendation


10 replies to this topic

#1 Walid W.

Walid W.

    I love Orcinus Orca

  • Tech Issues Solved: 3
  • Joined: 19-July 08
  • Location: Lost somewhere in Sweden
  • OS: Ubuntu, Debian, Backtrack 5r, Windows 7 & XP
  • Phone: iPhone 3GS, iPhone 4s & HTC One

Posted 07 August 2014 - 08:58

I am at the stage of looking at a NetFlow for our company and I don't know which one to pick. There are a lot of them out there, and one wonders which to pick or which one is best suited for your needs.

 

I have tested a couple of NetFlow tools: PRTG, WANGuard and Scrutinizer. PRTG is great but it is so expensive, the other two are pretty fine. Now my question is, do you guys have any recommendation? And what is your experience with it?

 

We'd like to monitor everything (in production) and know why some servers are talking too much, etc. So bandwidth usage for servers/hosts, protocol (layer 2/3), etc. Going to use it on Cisco 3800 and ASA.

 

Edit: I know probably most of them are able to send email notifications and if it can send sms it would be even better.




#2 Skiver

Skiver

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 10-October 05
  • Location: UK, Reading

Posted 07 August 2014 - 09:06

I don't have any experience in this sort of thing so I can't be too helpful; however, CA Technologies did a pretty good presentation of some of their products at Cisco Live and this one I think would be one to consider also...

 

http://www.ca.com/us...r-analyzer.aspx



#3 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 100
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 07 August 2014 - 11:07

take a look at manage engine http://www.manageeng...oducts/netflow/

When you asked me the other day about netflow, I thought you were asking about setup on the 3850s not about the analyzer side?

And don't forget ntop, that works real good as well!

#4 g33kb0y

g33kb0y

    Neowinian

  • Joined: 17-April 02

Posted 07 August 2014 - 11:23

I personally use Scrutinizer -- great product and Plixer's a great company.  As BudMan mentioned, ManageEngine's netflow product is great as well.  Both products are actively developed.



#5 OP Walid W.


Posted 07 August 2014 - 11:37

Yup, I looked at this as well.. Gonna give it a try. Have you any personal experience with it?

take a look at manage engine http://www.manageeng...oducts/netflow/

When you asked me the other day about netflow, I thought you were asking about setup on the 3850s not about the analyzer side?

And don't forget ntop, that works real good as well!

 

We had this at my previous job, but I didn't like it so much (I only used it once or twice, once when I logged in and changed my pass and the 2nd time when I wanted to change my pass again lol) anyway, what do you like in it? Any email/sms notification?

I personally use Scrutinizer -- great product and Plixer's a great company.  As BudMan mentioned, ManageEngine's netflow product is great as well.  Both products are actively developed.

 

Edit: BudMan, and yes that as well but I figured it out ;)



#6 g33kb0y


Posted 07 August 2014 - 12:03

We had this at my previous job, but I didn't like it so much (I only used it once or twice, once when I logged in and changed my pass and the 2nd time when I wanted to change my pass again lol) anyway, what do you like in it? Any email/sms notification?

Yup, you can email reports (scheduled and ad-hoc; pdf, csv, html) and alarms.  I really like how granular I can get w/drill downs.  I can see vlan, mac, IP, ports, src/dst, session time, etc in 1m intervals. You can also build maps to interconnect devices & visualize traffic load between them (or overlay your device on a google map, too).  Lots of built-in reports (my fav is conversations).

 

There are two major downsides with Scrutinizer.  Upgrades have wiped out my database a few times over the years.  No bueno. :@  Also, you need fast storage, more so if you have a lot of traffic.  It's pretty demanding and the webui will crawl if you don't have fast enough disks.  Also consumes a huge amount of disk space if you keep the 1m intervals like I do.

 

Personally, I think ManageEngine's web ui is much 'prettier' but I didn't sense the same granularity I can get w/Scrut. 



#7 OP Walid W.


Posted 07 August 2014 - 12:36

Yup, you can email reports (scheduled and ad-hoc; pdf, csv, html) and alarms.  I really like how granular I can get w/drill downs.  I can see vlan, mac, IP, ports, src/dst, session time, etc in 1m intervals. You can also build maps to interconnect devices & visualize traffic load between them (or overlay your device on a google map, too).  Lots of built-in reports (my fav is conversations).

 

There are two major downsides with Scrutinizer.  Upgrades have wiped out my database a few times over the years.  No bueno. :@  Also, you need fast storage, more so if you have a lot of traffic.  It's pretty demanding and the webui will crawl if you don't have fast enough disks.  Also consumes a huge amount of disk space if you keep the 1m intervals like I do.

 

Personally, I think ManageEngine's web ui is much 'prettier' but I didn't sense the same granularity I can get w/Scrut. 

Same, didn't like the gui at all in Scrut. Though I haven't tested ManageEngine yet but it feels more clear and prettier and much prettier than WANGuard. PRTG has a clean interface as well, but as I mentioned earlier it is so expensive.

 

I will try to test Scrut for real this time and see if I can change my feeling towards it. If it is easy to set up and work with I'd love it (didn't set it up at my previous job). It shouldn't be a problem with fast storage, etc. What about the price? Expensive or reasonable?



#8 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 31
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 07 August 2014 - 13:40

mrtg is free and would do what you want.

 

http://menalto.com/p...ng?m=1284097470

http://oss.oetiker.ch/mrtg/

 

solarwinds netflow analyzer is another, but not free.

http://www.solarwind...0140807134303:s

 

cacti would probably do it as well and would be better

http://www.cacti.net/



#9 OP Walid W.


Posted 07 August 2014 - 14:24

I probably should have been more clear: we are not looking into free software, only paid but not expensive lol

Have you used any of them before sc302?

#10 sc302


Posted 07 August 2014 - 14:57

solarwinds and manageengine I have used them before and they work. 



#11 OP Walid W.


Posted 08 August 2014 - 13:02

Manage Engine installed at home, looks pretty and I like the UI