nanog mailing list archives
Re: Network Storage
From: Joel M Snyder <Joel.Snyder () Opus1 COM>
Date: Thu, 12 Apr 2012 14:53:18 -0700
>Can you please comment on what is best solution for storing network
>traffic.

Well, "best" is kind of a hard word to use here. There are lots of different solutions depending on exactly why and where you want to capture this.
As far as I know, there are really two credible companies who are thrashing it out in this space right now, NetWitness (now part of RSA) and Solera. I think that Niksun is still out there, but they haven't done much recently or maybe they just concentrate on particular sectors and so I never see them.
Of course, you can also just tcpdump it yourself, but the commercial products do a lot of the metadata analysis and creation for you, so it's a lot easier to understand what is happening in your traffic than just having piles of tcpdumps.
I bought a NetWitness box and was profoundly unimpressed. So I guess my advice would be to start with Solera and then look at NetWitness if you don't like Solera.
This assumes you have budget. If this is a back-of-the-envelope "hey, let's grab some packets and do something with them" kind of exercise, then filter your tcpdumps a lot better.
jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
jms () Opus1 COM http://www.opus1.com/jms