Traffic analysis through Router Netflow and Firewall Syslog
Cisco Firewalls are exporting traffic information through syslog. Also Cisco Routers are exporting traffic information through netflow. What is the difference between these two technologies? Which technology should I use to get the correct traffic information?
What are all the advantages of Firewall Syslog traffic analysis over Router netflow traffic analysis? Any effects on these analyses if we have NAT in our setup?
Re: Traffic analysis through Router Netflow and Firewall Syslog
Generally, syslog is for router-related events such as IPsec connections, login failures/successes, etc. You can't get a good "flow" of traffic from syslog logging, but you can get a history of when, say, someone logs into the VPN.
Netflow allows you to see who's using up bandwidth, what ports/applications are using the most bandwidth, and it can create trends. This can help you determine if you would need more bandwidth, more control over the types of applications/ports to allow out, or how to implement QoS.
Neither one of these technologies is affected by NAT setup (that I know of). They will work just fine.
And in answer to which you should use: Use both. They both do different things.