[c-nsp] netflow monitoring
Justin M. Streiner
streiner at cluebyfour.org
Thu May 10 10:37:21 EDT 2007
Just out of curiosity, what sorts of freeware/open source tools are people
using to provide some level of alerting based on netflow data? Most of
the open source tools I've seen do visualization and/or data collection,
but the alert capabilities were lacking, at least the last time I looked.

I also realize that the alerting capabilities are a bit of a moving
target. Rule-based alert systems, i.e. if incoming tcp/445 traffic to
network X reaches Y pps, do action Z, or more automated baseline/delta
systems are both options.

As much as I'd like to go with a known-solid commercial solution like
Arbor Networks, the $$ isn't in the budget for that right now.

Any thoughts are appreciated.
jms
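
The two alerting styles named in the message (a fixed rule on tcp/445 toward network X, and a baseline/delta check), sketched as an added example that is not part of the original post and not taken from any tool it mentions. The flow record fields, the 60-second bucket, the EWMA parameters, 192.0.2.0/24 standing in for network X and 100 pps standing in for Y are all assumptions, and the records are constructed.

```python
import ipaddress
from collections import defaultdict

INTERVAL = 60  # bucket width in seconds (assumption)

def pps_per_interval(flows, net, proto, dport):
    """Sum packets of matching flows per time bucket, return {bucket_start: pps}."""
    network = ipaddress.ip_network(net)
    buckets = defaultdict(int)
    for f in flows:
        if (f["proto"] == proto and f["dport"] == dport
                and ipaddress.ip_address(f["dst"]) in network):
            buckets[f["ts"] // INTERVAL * INTERVAL] += f["packets"]
    return {t: pkts / INTERVAL for t, pkts in sorted(buckets.items())}

def threshold_alerts(rates, limit_pps):
    """Rule-based: buckets where traffic reaches the fixed Y pps limit."""
    return [t for t, r in rates.items() if r >= limit_pps]

def baseline_alerts(rates, factor=3.0, alpha=0.3, warmup=3):
    """Baseline/delta: buckets above factor x an EWMA of earlier buckets."""
    alerts, ewma = [], None
    for i, (t, r) in enumerate(rates.items()):
        if ewma is not None and i >= warmup and r > factor * ewma:
            alerts.append(t)
            continue  # do not let the anomalous bucket raise the baseline
        ewma = r if ewma is None else alpha * r + (1 - alpha) * ewma
    return alerts

def flow(ts, dst, proto, dport, packets):
    return {"ts": ts, "dst": dst, "proto": proto, "dport": dport, "packets": packets}

# Constructed sample records (not real traffic); field names are assumptions.
SAMPLE_FLOWS = [
    flow(0, "192.0.2.10", 6, 445, 600),
    flow(65, "192.0.2.10", 6, 445, 360),
    flow(90, "192.0.2.77", 6, 445, 360),
    flow(120, "192.0.2.10", 6, 445, 660),
    flow(185, "192.0.2.10", 6, 445, 9000),
    flow(185, "198.51.100.5", 6, 445, 90000),  # outside network X: ignored
    flow(190, "192.0.2.10", 17, 445, 90000),   # UDP, not TCP: ignored
    flow(250, "192.0.2.10", 6, 445, 3000),
    flow(300, "192.0.2.10", 6, 445, 600),
]

if __name__ == "__main__":
    rates = pps_per_interval(SAMPLE_FLOWS, "192.0.2.0/24", 6, 445)
    print("pps:", rates)
    print("rule alerts:", threshold_alerts(rates, 100))
    print("baseline alerts:", baseline_alerts(rates))
```

On this sample the fixed rule fires only for the bucket that reaches 100 pps, while the baseline check also flags the following bucket, which stays under the fixed limit but is several times the learned rate.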