Traffic analysis through Router Netflow and Firewall Syslog

Unanswered Question
Dec 23rd, 2008
User Badges:

Cisco Firewalls are exporting traffic information through syslog. Also Cisco Routers are exporting traffic information through netflow. What is the difference between these two technologies? Which technology should I use do get the correct traffic information.

What are all the advantages of Firewall Syslog traffic analysis over Router netflow traffic analysis? Any effects on these analysis if we have NAT in our setup?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
John Blakley Tue, 12/23/2008 - 06:45
User Badges:
  • Purple, 4500 points or more

Generally, syslog is for router related events such as ipsec connections, login failures/successes, etc. You can't get a good "flow" of traffic from syslog logging, but you can get history of when, say, someone logs into the VPN.

Netflow allows you to see who's using up bandwidth, what ports/applications are using the most bandwidth, and it can create trends. This can help you determine if you would need more bandwidth, more control over the types of applications/ports to allow out, or how to implement QoS.

Neither one of these technologies are affected by NAT setup (that I know of). They will work just fine.

And in answer to which you should use: Use both. They both do different things.




This Discussion