nanog mailing list archives

Re: Network Storage

From: Joel M Snyder <Joel.Snyder () Opus1 COM>
Date: Thu, 12 Apr 2012 14:53:18 -0700

>Can you please comment on what is best solution for storing network
>traffic.

Well, "best" is kind of a hard word to use here. There are lots ofdifferent solutions depending on exactly why and where you want tocapture this.

As far as I know, there are really two credible companies who arethrashing it out in this space right now, NetWitness (now part of RSA)and Solera. I think that Niksun is still out there, but they haven'tdone much recently or maybe they just concentrate on particular sectorsand so I never see them.

Of course, you can also just tcpdump it yourself, but the commercialproducts do a lot of the metadata analysis and creation for you, so it'sa lot easier to understand what is happening in your traffic than justhaving piles of tcpdumps.

I bought a NetWitness box and was profoundly unimpressed. So I guess myadvice would be to start with Solera and then look at NetWitness if youdon't like Solera.

This assumes you have budget. If this is a back-of-the-envelope "hey,let's grab some packets and do something with them" kind of exercise,then filter your tcpdumps a lot better.


jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One       Phone: +1 520 324 0494
jms () Opus1 COM                http://www.opus1.com/jms

Current thread:

Re: Network Storage, (continued)
- - - Re: Network Storage Andrew Thrift (Apr 15)
    - Re: Network Storage Simon Leinen (Apr 16)
    - RE: Network Storage Drew Weaver (Apr 16)
    - Re: Network Storage Michael J McCafferty (Apr 12)
    - Re: Network Storage Leo Bicknell (Apr 15)
- RE: Network Storage Ian McDonald (Apr 12)
  - Re: Network Storage Jimmy Hess (Apr 12)
    - Re: Network Storage Kyle Creyts (Apr 14)
- Re: Network Storage Nathan Stratton (Apr 12)
- Re: Network Storage Julien Goodwin (Apr 15)
- Re: Network Storage Joel M Snyder (Apr 12)