a GOOD NetFlow analyser

Unanswered Question
Jul 18th, 2007
User Badges:


is anyone aware of a good netflow analyser that can effectively combine multiple streams into a single application view? For example, I have 5 servers each running 5 services. rather than having to correlate 25 netflow items, I'd like to initially just see a single result representing the entire clustered services those boxes are providing, and then be able to drill down to per ip or per port data if need be. I've looked at scrutinizer, Solarwinds, Fluke, ManageEngine but not found anything that does what I would perceive to be a relatively simple thing.

anyone know of that killer app?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Martin Ermel Wed, 07/18/2007 - 02:17
User Badges:
  • Blue, 1500 points or more

i am not sure if this is what you are looking for (so you have to decide yourself if it is good ;-) ) but here is a link to

Cisco Performance Visibility Manager


which is afaik an OEM of

Trendium PerforMax


both can be used to centralize the view on several collectors

GERARD PUOPLO Wed, 07/18/2007 - 14:29
User Badges:

I am not sure if it still is available but years ago this capability and the ability to aggregrate flows in any way you want was supported by Concord traffic accountant.


David Stanford Wed, 07/18/2007 - 03:02
User Badges:
  • Cisco Employee,

In addition to Cisco's Netflow Analyzer there are a few open source tools including Netflow analyser from Adventnet, Flow Tools, and Caligare Flow Inspector

acid_kewpie Wed, 07/18/2007 - 04:41
User Badges:

yes, i'm aware of most of them, but none allow collections of multiple ip:port combinations into summaries of traffic. helpdesks don't care that, and are generating lots of traffic, they want to know that Fooware the clustered application is generating lots of traffic...

In typical Cisco style i can't found out anythign useful about the Cisco NetFlow Collector at all... just that it exists and is apparently good. according to them.

Collin Clark Wed, 07/18/2007 - 05:11
User Badges:
  • Purple, 4500 points or more

Adventnet Netflow is decent (we use it), but their support is pretty bad. Crannog is supposed to be pretty good too, but its missing the eye candy most people want to see. Solarwinds makes a Netflow product, but it's part of the Orion suite so it may not be cost effective.

acid_kewpie Wed, 07/18/2007 - 05:17
User Badges:

the AdventNet one is the closest i've found. we'd intend to use it in conjunction with OpManager, but that's a pile of proverbial in my opinion. AdventNet is the only one i've found that will let me do ip:port level distinctions. netqos is the only other one i've any hope for, but am not sure either way right now.

I've also been trying out the whole orion suite, the core of which i'm currently keen on, but their netflow stuff is just appalling i think, not least as you must license directly in line with the main product. i want to monitor netflwo from my main cisco routers only? sorry guv, that's $17,000 becuase you also are monitoring 2000 other unrelated devices! I spoke to the product manager there and he claims to have seen the ligth from what i want from netflow... won't hold my breath though.

Collin Clark Wed, 07/18/2007 - 05:22
User Badges:
  • Purple, 4500 points or more

You only have to license the number of interfaces you will monitor with Netflow, not all the elements. Netflow has a different license than Orion. You could also look at Solarwinds Toolset which has Netflow monitoring and it works really well.

acid_kewpie Wed, 07/18/2007 - 05:31
User Badges:

"The way our licensing work is that you either have NetFlow capabilities or you don't, and the pricing is a function of which Orion you buy."

- *Denny C. LeCompte

**SolarWinds,* Sr. Product Manager

do they not know their own licensing model?

jimmyc_2 Fri, 08/22/2008 - 11:07
User Badges:

I'm looking at SolarWinds and NetQOS. Has your opinion changed since this posting? Any other thoughts?

yjdabear Wed, 07/18/2007 - 05:13
User Badges:
  • Gold, 750 points or more

NetQoS ReporterAnalyzer has the following Application Mapping feature that might fulfill what you're looking for. If a specific application can't be summerized neatly into one subnet or a continuous port range, just add more line entries all mapped to the same port.

acid_kewpie Wed, 07/18/2007 - 05:27
User Badges:

yeah that's certainly much more like it. I *think* we actually had a guy from Netqos come here and give us their spiel. what soon came to light and left us very confused would be that netqos actually has literally nothing to do with qos at all... strange name.

is this something you are generally using? you're able to get decent graphs of clustered app 1 vs 2 vs 3 over a wan link, not just port level stats?



Collin Clark Wed, 07/18/2007 - 05:33
User Badges:
  • Purple, 4500 points or more

Netflow runs 24/7 and we view it 'when there an issue'. We use Adventnet, but I also have the SW Toolset on my laptop and use that exclusively at customer sites. It's great for quickly viewing whats going on or for a short time period. Adventnet works well for longer term trending (assuming it stays running).

peter.nowack Wed, 07/18/2007 - 06:24
User Badges:


you can use Caligare Flow Inspector and their forwarding feature. You can create normal collectors (one for one device) and the special collector (i.e. TotalSum) and forward all netflow exports to the special collector (menu Options->Forwarding). Any statistic is made under selected collector, so if you want to see any traffic that was transferred through your network you will see this traffic in the "totalsum" collector. If you want to exclude any traffic from totalsum you can use the Options->Filtering feature. It is great software. We are using this software for three years and every next version is better.


acid_kewpie Wed, 07/18/2007 - 07:22
User Badges:

Yep again there seems to be the basics there... ugly as sin though! thanks for the heads up, just looking at a trial now.


This Discussion