[c-nsp] looking for a netflow analyzer

[nick.nauwelaerts at thomson.com]

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of 
> Nauwelaerts, Nick (TCM)
> Sent: Wednesday, October 04, 2006 4:31 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] looking for a netflow analyzer
> 
> Hello,
> We're looking for a somewhat easy to use netflow analyzer. The issue
> we're trying to solve it that we have a lot of vpn connections which
> include a lot of subnets (some /16's and a lot of /24's) and since
> they're vpns we have limited visibility of what goes through them. So,
> on the last hop before the vpn tunnel broker we're doing a netflow
> export so we can get an idea of what's moving through it.
> Now we need an easy to use frontend for this data, preferably 
> something
> web based. We've tried flowtools with various web addons, but those
> didn't cut it. We tried ntop, it also didn't do what we are 
> looking for.
> We also used plixer scrutinizer, who's custom reports were 
> what we were
> looking for - regretfully those were limited to only 256 hosts which
> doesn't even come close to a /16.
> 
> Does anyone have any recommendations or other ways to solve this
> problem? We just need a netflow analyzer which allow us to 
> set up groups
> of hosts and have a semi realtime idea of what traffic they are
> producing. Placing a packeteer box in between the vpn tunnel broker &
> router might prove a bit expensive if it's just for visibility.

Thanks to everyone for their responses. I'll have a closer look at them
to see if I can get them to do what I want.

Take care.

// nick