NetFlow Recommendation


Recommended Posts

I am in the stage of looking a NetFlow for our company and I don't know which one to pick. There are a lot of them out there, and one wonder which to pick or which one is best suited for your needs.

 

I have tested a couple of NetFlow PRTG, WANGuard and Scrutinizer. PRTG is great but it is so expensive, the other two are pretty fine. Now my question is, do you guys have any recommendation? And what is your experience with it?

 

We'd like to monitor everything (in production) and know why some servers are talking too much, etc. So bandwidth usage for servers/hosts, protocol (layer 2/3, etc. Going to use it on Cisco 3800 and ASA.

 

Edit: I know probably most of them are able to send email notifications and if it can send sms it would be even better.

Link to comment
Share on other sites

I personally use Scrutinizer -- great product and Plixer's a great company.  As BudMan mentioned, ManageEngine's netflow product is great as well.  Both products are actively developed.

Link to comment
Share on other sites

Yup, I looked at this as well.. Gonna give it a try. Have you any personal experience with it?

take a look at manage engine http://www.manageengine.com/products/netflow/

When you asked me the other day about netflow, I thought you were asking about setup on the 3850s not about the analyzer side?

And don't forget ntop, that works real good as well!

 

We had this at my previous job, but I didn't like it so much (I only used it once or twice, once when I logged in and changed my pass and the 2nd time when I wanted to change my pass again lol) anyway, what do you like in it? Any email/sms notification?

I personally use Scrutinizer -- great product and Plixer's a great company.  As BudMan mentioned, ManageEngine's netflow product is great as well.  Both products are actively developed.

 

Edit: BudMan, and yes that as well but I figured it out ;)

Link to comment
Share on other sites

We had this at my previous job, but I didn't like it so much (I only used it once or twice, once when I logged in and changed my pass and the 2nd time when I wanted to change my pass again lol) anyway, what do you like in it? Any email/sms notification?

Yup, you can email reports (scheduled and ad-hoc; pdf, csv, html) and alarms.  I really like how granular I can get w/drill downs.  I can see vlan, mac, IP, ports, src/dst, session time, etc in 1m intervals. You can also build maps to interconnect devices & visualize traffic load between them (or overlay your device on a google map, too).  Lots of built-in reports (my fav is conversations).

 

There are two major downsides with Scrutinizer.  Upgrades have wiped out my database a few times over the years.  No bueno. :@  Also, you need fast storage, more so if you have a lot of traffic.  It's pretty demanding and the webui will crawl if you don't have fast enough disks.  Also consumes a huge amount of disk space if you keep the 1m intervals like I do.

 

Personally, I think ManageEngine's web ui is much 'prettier' but I didn't sense the same granularity I can get w/Scrut. 

Link to comment
Share on other sites

Yup, you can email reports (scheduled and ad-hoc; pdf, csv, html) and alarms.  I really like how granular I can get w/drill downs.  I can see vlan, mac, IP, ports, src/dst, session time, etc in 1m intervals. You can also build maps to interconnect devices & visualize traffic load between them (or overlay your device on a google map, too).  Lots of built-in reports (my fav is conversations).

 

There are two major downsides with Scrutinizer.  Upgrades have wiped out my database a few times over the years.  No bueno. :@  Also, you need fast storage, more so if you have a lot of traffic.  It's pretty demanding and the webui will crawl if you don't have fast enough disks.  Also consumes a huge amount of disk space if you keep the 1m intervals like I do.

 

Personally, I think ManageEngine's web ui is much 'prettier' but I didn't sense the same granularity I can get w/Scrut. 

Same, didn't like the gui at all in Scrut. Though I haven't tested ManageEngine yet but it feels more clear and prettier and much prettier than WANGuard. PRTG has a clean interface as well, but as I mentioned earlier it is so expensive.

 

I will try to test Scrut for real this time and see if I can change my feeling towards it. If it is easy to setup and work with I'd love it (didn't set it up at my previous job). It shouldn't problem with fast storage, etc. What about the price? Expensive or reasonable?

Link to comment
Share on other sites

Link to comment
Share on other sites

I probably should have been more clear we are not looking into free softwares only paid but not expensive lol

Have you used any of them before sc302?

Link to comment
Share on other sites

Manage Engine installed at home, looks pretty and I like to UI

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.