07-18-2007 01:36 AM
Hi,
is anyone aware of a good netflow analyser that can effectively combine multiple streams into a single application view? For example, I have 5 servers each running 5 services. rather than having to correlate 25 netflow items, I'd like to initially just see a single result representing the entire clustered services those boxes are providing, and then be able to drill down to per ip or per port data if need be. I've looked at scrutinizer, Solarwinds, Fluke, ManageEngine but not found anything that does what I would perceive to be a relatively simple thing.
anyone know of that killer app?
Thanks
Chris
07-18-2007 02:17 AM
i am not sure if this is what you are looking for (so you have to decide yourself if it is good ;-) ) but here is a link to
Cisco Performance Visibility Manager
http://www.cisco.com/en/US/products/ps6768/products_data_sheet0900aecd8039c9d4.html
which is afaik an OEM of
Trendium PerforMax
http://www.trendium.com/index.php?content=subsection⊂=2&sub_cat=50
both can be used to centralize the view on several collectors
07-18-2007 02:29 PM
I am not sure if it still is available but years ago this capability and the ability to aggregrate flows in any way you want was supported by Concord traffic accountant.
jerry
07-18-2007 03:02 AM
In addition to Cisco's Netflow Analyzer there are a few open source tools including Netflow analyser from Adventnet, Flow Tools, and Caligare Flow Inspector
07-18-2007 04:41 AM
yes, i'm aware of most of them, but none allow collections of multiple ip:port combinations into summaries of traffic. helpdesks don't care that 10.2.3.4:443, 10.2.4.5:80 and 10.2.5.6:1521 are generating lots of traffic, they want to know that Fooware the clustered application is generating lots of traffic...
In typical Cisco style i can't found out anythign useful about the Cisco NetFlow Collector at all... just that it exists and is apparently good. according to them.
07-18-2007 05:11 AM
Adventnet Netflow is decent (we use it), but their support is pretty bad. Crannog is supposed to be pretty good too, but its missing the eye candy most people want to see. Solarwinds makes a Netflow product, but it's part of the Orion suite so it may not be cost effective.
07-18-2007 05:17 AM
the AdventNet one is the closest i've found. we'd intend to use it in conjunction with OpManager, but that's a pile of proverbial in my opinion. AdventNet is the only one i've found that will let me do ip:port level distinctions. netqos is the only other one i've any hope for, but am not sure either way right now.
I've also been trying out the whole orion suite, the core of which i'm currently keen on, but their netflow stuff is just appalling i think, not least as you must license directly in line with the main product. i want to monitor netflwo from my main cisco routers only? sorry guv, that's $17,000 becuase you also are monitoring 2000 other unrelated devices! I spoke to the product manager there and he claims to have seen the ligth from what i want from netflow... won't hold my breath though.
07-18-2007 05:22 AM
You only have to license the number of interfaces you will monitor with Netflow, not all the elements. Netflow has a different license than Orion. You could also look at Solarwinds Toolset which has Netflow monitoring and it works really well.
07-18-2007 05:31 AM
"The way our licensing work is that you either have NetFlow capabilities or you don't, and the pricing is a function of which Orion you buy."
- *Denny C. LeCompte
**SolarWinds,* Sr. Product Manager
do they not know their own licensing model?
08-22-2008 11:07 AM
I'm looking at SolarWinds and NetQOS. Has your opinion changed since this posting? Any other thoughts?
07-18-2007 05:13 AM
07-18-2007 05:27 AM
yeah that's certainly much more like it. I *think* we actually had a guy from Netqos come here and give us their spiel. what soon came to light and left us very confused would be that netqos actually has literally nothing to do with qos at all... strange name.
is this something you are generally using? you're able to get decent graphs of clustered app 1 vs 2 vs 3 over a wan link, not just port level stats?
thanks
chris
07-18-2007 05:33 AM
Netflow runs 24/7 and we view it 'when there an issue'. We use Adventnet, but I also have the SW Toolset on my laptop and use that exclusively at customer sites. It's great for quickly viewing whats going on or for a short time period. Adventnet works well for longer term trending (assuming it stays running).
07-18-2007 06:24 AM
Hello,
you can use Caligare Flow Inspector and their forwarding feature. You can create normal collectors (one for one device) and the special collector (i.e. TotalSum) and forward all netflow exports to the special collector (menu Options->Forwarding). Any statistic is made under selected collector, so if you want to see any traffic that was transferred through your network you will see this traffic in the "totalsum" collector. If you want to exclude any traffic from totalsum you can use the Options->Filtering feature. It is great software. We are using this software for three years and every next version is better.
Bye
07-18-2007 07:22 AM
Yep again there seems to be the basics there... ugly as sin though! thanks for the heads up, just looking at a trial now.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: