Re: Netflow Analysis Software

["Dr. Wole Akpose" <wole.akpose () MORGAN EDU>]

With your MARS experience, have you considered SPLUNK?

http://www.splunk.com/

W. Akpose

On Wed, May 4, 2011 at 11:10 AM, Miller,James R <millerj () uakron edu> wrote:

> Kevin,
> Thanks for your reply. We currently have a network spanning a little over
> 80 buildings with little insight on the network traffic. We are probably
> looking at wanting to monitor around 5000 ports and are currently using the
> Cisco MARS appliance they purchased over 3 years ago which was pretty much a
> waste of money. It does some minimal netflow collection and does not produce
> much in the way of reporting. A GUI would be very helpful for our engineers
> in an overview of the current network status.
> Thanks,
> Jim
>
> Jim Miller
> CISSP,CCSP
> Lead Network Engineer
> The University of Akron
> (330) 972-7958
> millerj () uakron edu
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Wilcox
> Sent: Wednesday, May 04, 2011 10:40 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Netflow Analysis Software
>
> On Wed, May 4, 2011 at 10:24 AM, Miller,James R <millerj () uakron edu>
> wrote:
>
> > We are looking at adding Netflow analysis to our networking toolkit. Has
> anyone had good or bad success with any particular vendors? Right now we are
> looking at Solar Winds and Fluke. Any comments or suggestions would be
> greatly appreciated.
>
> What are you looking to accomplish? Flow data is, at its heart,
> extremely simple - two IPs, two ports, two timestamps, some flags and
> some counters. Is there something you want to do that you can't script
> in-house or use something like ipAudit or Argus + rrdtool as a
> starting point?
>
> kmw
>
> --
> Kevin Wilcox GPEN, GCIH
> Network Infrastructure and Control Systems
> Appalachian State University
> Email: wilcoxkm () appstate edu
> Office: 828.262.6259