[c-nsp] Netflow analysis tools?

Jeff Wojciechowski Jeff.Wojciechowski at midlandpaper.com
Thu May 22 10:06:00 EDT 2014


I too am very happy with Plixer/Scrutinizer. Been using them for about 3 years. As Rick said, support is awesome. I know most of the support guys there by name and had to use them this morning to migrate to a new server.

Jeff Wojciechowski
Network Engineer II  - Midland Paper Company

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Rick Coloccia, Jr.
Sent: Wednesday, May 21, 2014 2:10 PM
To: Eric Van Tol; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Netflow analysis tools?

+1 Plixer/Scrutinizer.  Very affordable, powerful, easy to use, very
responsive to service requests.  Been happy for years with them.

On 5/19/2014 10:30 AM, Eric Van Tol wrote:
>> -----Original Message-----
>> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
>> Scott Granados
>> Sent: Friday, May 16, 2014 10:16 AM
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] Netflow analysis tools?
>>
>> Good morning,
>>      I'm starting to work with Net Flow data and am looking for both good
>> background documentation to get more familiar and suggestions for an
>> analyzer.
> Scott,
>
> Disclaimer: Long email, no financial stake in any company discussed.
>
> We recently went through a Netflow comparison between Plixer Scrutinizer and Solarwinds NTA after evaluating some open source tools which we were not quite satisfied with.  We ended up going with Scrutinizer for a few reasons:
>
> Better pricing model (for us) - we only needed a small number of exporters (under 25).  The SW pricing model is such that the NTA license must follow the NPM license, so if you have an SLX (unlimited) license (like we have), you need an SLX NTA license ($15K list).  The alternative is that you can purchase another small 25-node license of Orion *and* NTA.  Scrutinizer 25-node license was less expensive (with appropriate end-of-quarter discounts) and supports unlimited number of interfaces per exporter.  Yearly software maintenance is less expensive, too.
>
> More version support - Plixer supports v5, v8, v9, and IPFIX formats and IP/IPv6/MPLS Netflow data.  Solarwinds has no plans on supporting IPv6 or MPLS - IPv6 has been a feature request for at least 3 years on their support forum and unless one of their Fortune 500 enterprise customers absolutely demands MPLS support, forget about that getting added.
>
> Reporting - Scrutinizer supports dozens of reports right out of the box.  NTA only had a dozen or so.  The process by which you can build reports in NTA was more tedious than it is in Scrutinizer.
>
> Analyzation - Scrutinizer has the ability to do "flow analytics" that can examine the incoming data and identify things like suspected DDoS attacks, botnet activity, brute force attacks, etc. and alert you based on criteria you set.
>
> OS - NTA requires Windows, obviously, whereas Scrutinizer's virtual appliance uses ESXi host and is a CentOS guest install.  They do have a less-expensive standalone Windows installer, but it does not support more than around 10K flows per second (fps), but this may suit you.
>
> Sales - The Plixer sales person was very respectful of my time to make a decision.  He gave me the end-of-quarter parameters and checked in with me once every week or two weeks or whenever I had a question.  The Solarwinds sales person kept calling and emailing, and just plain being a damned pest about it.  He pissed me off, and to be honest, this was one of the biggest reasons I went with Plixer.  Note to sales people - I don't give a s**t how tenacious you are - when I tell you not to bug me and flat out tell you that you are being a pest, you can be sure I won't purchase your product.
>
> Both supply web-based GUIs, configurable dashboards, configurable alerting, and mapping capabilities.  Solarwinds has a more "polished" interface and is definitely a lot more "pretty" to look at, but when it came right down to it, we felt that Scrutinizer was the better choice, given the above points.  That said, SW NTA is a great product and might be a good choice if you have executives or non-technical people that like great-looking reports and/or if you are lonely and feel like talking to a sales droid whose only motivation is to sell you NTA with the ingrained tenacity of a T-1000 looking for John Connor.
>
> -evt
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579

