Educause Security Discussion mailing list archives

Re: Netflow Analysis Software


From: "Miller,James R" <millerj () UAKRON EDU>
Date: Wed, 4 May 2011 12:34:46 -0400

Yes, thanks. We are in the process of purchasing Splunk. It does quite a job with log correlation.

Jim Miller
CISSP,CCSP
Lead Network Engineer
The University of Akron
(330) 972-7958
millerj () uakron edu


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dr. Wole Akpose
Sent: Wednesday, May 04, 2011 12:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Netflow Analysis Software

With your MARS experience, have you considered SPLUNK?

http://www.splunk.com/

W. Akpose
On Wed, May 4, 2011 at 11:10 AM, Miller,James R <millerj () uakron edu> wrote:
Kevin,
Thanks for your reply. We currently have a network spanning a little over 80 buildings with little insight on the 
network traffic. We are probably looking at wanting to monitor around 5000 ports and are currently using the Cisco MARS 
appliance they purchased over 3 years ago which was pretty much a waste of money. It does some minimal netflow 
collection and does not produce much in the way of reporting. A GUI would be very helpful for our engineers in an 
overview of the current network status.
Thanks,
Jim

Jim Miller
CISSP,CCSP
Lead Network Engineer
The University of Akron
(330) 972-7958
millerj () uakron edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Wilcox
Sent: Wednesday, May 04, 2011 10:40 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Netflow Analysis Software

On Wed, May 4, 2011 at 10:24 AM, Miller,James R <millerj () uakron edu> wrote:

We are looking at adding Netflow analysis to our networking toolkit. Has anyone had good or bad success with any 
particular vendors? Right now we are looking at Solar Winds and Fluke. Any comments or suggestions would be greatly 
appreciated.

What are you looking to accomplish? Flow data is, at its heart,
extremely simple - two IPs, two ports, two timestamps, some flags and
some counters. Is there something you want to do that you can't script
in-house or use something like ipAudit or Argus + rrdtool as a
starting point?

kmw

--
Kevin Wilcox GPEN, GCIH
Network Infrastructure and Control Systems
Appalachian State University
Email: wilcoxkm () appstate edu
Office: 828.262.6259
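
Added example (not part of the original thread and not any poster's code): a small in-house script over the flow fields Kevin Wilcox lists above (two IPs, two ports, two timestamps, flags, counters), producing a top-talkers summary and flagging SYN-only fan-out. The CSV layout, field names, addresses and the `min_targets` threshold are assumptions constructed for illustration, not the export format of any particular collector.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real traffic). Assumed CSV layout:
# src,dst,sport,dport,start,end,tcp_flags,packets,bytes
SAMPLE_FLOWS = """\
10.1.1.5,192.0.2.10,51000,443,2011-05-04T10:00:00,2011-05-04T10:00:30,SAPF,120,150000
10.1.1.5,192.0.2.11,51001,80,2011-05-04T10:00:05,2011-05-04T10:00:06,SAPF,10,4000
10.1.4.7,192.0.2.10,52000,443,2011-05-04T10:00:10,2011-05-04T10:00:12,SAPF,8,2500
10.1.2.9,10.1.3.1,40000,22,2011-05-04T10:01:00,2011-05-04T10:01:00,S,1,60
10.1.2.9,10.1.3.2,40001,22,2011-05-04T10:01:00,2011-05-04T10:01:00,S,1,60
10.1.2.9,10.1.3.3,40002,22,2011-05-04T10:01:01,2011-05-04T10:01:01,S,1,60
10.1.2.9,10.1.3.4,40003,22,2011-05-04T10:01:01,2011-05-04T10:01:01,S,1,60
"""
FIELDS = ["src", "dst", "sport", "dport", "start", "end", "flags", "packets", "bytes"]

def parse_flows(text):
    """Turn CSV text into dicts with typed ports, counters and timestamps."""
    flows = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        for key in ("sport", "dport", "packets", "bytes"):
            row[key] = int(row[key])
        for key in ("start", "end"):
            row[key] = datetime.fromisoformat(row[key])
        flows.append(row)
    return flows

def top_talkers(flows, n=3):
    """Sum the byte counter per source IP; return the n largest senders."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def syn_only_fanout(flows, min_targets=3):
    """Flag (source, dst port) pairs with SYN-only flows to many distinct hosts."""
    targets = defaultdict(set)
    for f in flows:
        if f["flags"] == "S":  # only a SYN was seen in this flow record
            targets[(f["src"], f["dport"])].add(f["dst"])
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("top talkers:", top_talkers(flows))
    print("scan-like sources:", syn_only_fanout(flows))
```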

