cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1503
Views
0
Helpful
1
Replies

Traffic analysis through Router Netflow and Firewall Syslog

mskumar_apk
Level 1
Level 1

Cisco Firewalls are exporting traffic information through syslog. Also Cisco Routers are exporting traffic information through netflow. What is the difference between these two technologies? Which technology should I use do get the correct traffic information.

What are all the advantages of Firewall Syslog traffic analysis over Router netflow traffic analysis? Any effects on these analysis if we have NAT in our setup?

1 Reply 1

John Blakley
VIP Alumni
VIP Alumni

Generally, syslog is for router related events such as ipsec connections, login failures/successes, etc. You can't get a good "flow" of traffic from syslog logging, but you can get history of when, say, someone logs into the VPN.

Netflow allows you to see who's using up bandwidth, what ports/applications are using the most bandwidth, and it can create trends. This can help you determine if you would need more bandwidth, more control over the types of applications/ports to allow out, or how to implement QoS.

Neither one of these technologies are affected by NAT setup (that I know of). They will work just fine.

And in answer to which you should use: Use both. They both do different things.

HTH,

John

HTH, John *** Please rate all useful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: