Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Traffic analysis through Router Netflow and Firewall Syslog

Cisco Firewalls are exporting traffic information through syslog. Also Cisco Routers are exporting traffic information through netflow. What is the difference between these two technologies? Which technology should I use do get the correct traffic information.

What are all the advantages of Firewall Syslog traffic analysis over Router netflow traffic analysis? Any effects on these analysis if we have NAT in our setup?


Re: Traffic analysis through Router Netflow and Firewall Syslog

Generally, syslog is for router related events such as ipsec connections, login failures/successes, etc. You can't get a good "flow" of traffic from syslog logging, but you can get history of when, say, someone logs into the VPN.

Netflow allows you to see who's using up bandwidth, what ports/applications are using the most bandwidth, and it can create trends. This can help you determine if you would need more bandwidth, more control over the types of applications/ports to allow out, or how to implement QoS.

Neither one of these technologies are affected by NAT setup (that I know of). They will work just fine.

And in answer to which you should use: Use both. They both do different things.



HTH, John *** Please rate all useful posts ***