100% netflow implementation

[LynK]

Hey guys,

I am looking for some insight on some good netflow ME vendors. Do you know of any good resources/vendors that do this well. Provide clean UI, as well as being quite affordable?

I am currently looking into plixer's scrutinizer netflow server. Has anyone used this product?

[deanwebb]

I've seen it in demos and it looked very slick, and I preferred the GUI to Lancope. No idea on cost, but that's the one that I want to play with the most.

[LynK]

I've seen it in demos and it looked very slick, and I preferred the GUI to Lancope. No idea on cost, but that's the one that I want to play with the most.

Maybe I'll let u webex in for some goodies?  When I get it deployed 

[deanwebb]

Oooh! That's the way to share information amongst colleagues!

[LynK]

Oooh! That's the way to share information amongst colleagues!

yeah. For sure. We currently are using appneta, but it is a pain, and requires a physical device at every location. Why deploy that when we can use the netflow features already within our devices

[LynK]

Okay guys,

So far the product is very good. I am able to see detailed analysis of many things, which I like. However I did find some issues.

Issue #1: We have 120-130 MPLS sites. I wanted to create a report of a life feed of our WAN interface throughput. I wanted to exclude our big HQ mpls routers because their bandwidth size would alter the graph so much so, that I would not be able to distinguish the T1 interfaces.

Solution attempt #1: Okay, I will exclude the 2 devices from the report. right? Doesn't work. As of right now you cannot exclude devices/interfaces. You can exclude everything else under the sun... but not devices. So right now I am having to manually add 130 sites to the MPLS report i wanted.

Feature #1: Everything is customizable. Tabs, charts, you name it. It is your personal play world. I love it... I just wish they would streamline the addition/removal of devices.

Here are some pics for your enjoyment. in the chart you will see my CEO pegging out his pipe watching netflix movies/instagram. haha. It is his personal connection. so who cares.


2nd pic shows all of our sites, and a nice UI which shows the in/out rates of each site. Triggers can be made, emails/alerts can be sent. +1

[deanwebb]

Yeah, that looks as sweet as it did in the demo. You know you got something really neat when you can get it to look like the demo almost right away in production.

[LynK]

@dean

It was very easy to setup. Used prime to push the netflow config to all the routers. EZPZ. I am seeing a benefit for it. The price for 250 devices with advanced monitoring is like 80k. For 40 appneta devices it is around 80k... lol

Today I am going to be getting the HQ devices on it. ASAs/Nexuses/Access switches/ 3130x's/ etc.

[mmcgurty]

I am late to the party but we use Lancope StealthWatch where I work.  While not cheap, we do manage about 1000 stores and about 10 corporate sites with it (including a data center).  We tried a bunch of vendors out in 2007 to 2008 with Lancope coming out on top by far.

[LynK]

I am late to the party but we use Lancope StealthWatch where I work.  While not cheap, we do manage about 1000 stores and about 10 corporate sites with it (including a data center).  We tried a bunch of vendors out in 2007 to 2008 with Lancope coming out on top by far.

what do you see as the biggest benefits for utilizing lancope? I am curious to know what you primarily use it for.

[mmcgurty]

I am late to the party but we use Lancope StealthWatch where I work.  While not cheap, we do manage about 1000 stores and about 10 corporate sites with it (including a data center).  We tried a bunch of vendors out in 2007 to 2008 with Lancope coming out on top by far.

what do you see as the biggest benefits for utilizing lancope? I am curious to know what you primarily use it for.

We have a lot of finger pointing at the network when something doesn't work (but it never turns out to be the network).  We will often use the data to show an application did talk at a certain time on a certain port from X to Y between these hours and used X amount of bandwidth.  We can also see at a moments notice if someone pushed a job that is consuming all the WAN link and what the job is (usually system patching or AV updates).  We use it during projects to make sure our vendor rate limits their application and adheres to time of day for syncing devices on off-hours across the broadband connections.

Our security team uses it in conjunction with a plug-in also purchased from Lancope but I don't remember the name.  They absolutely love seeing infected systems trying to get out to the Internet.  They also get alerts when someone starts doing a long transfer of data out of the ordinary (DLP). 

I bet we use some portion of Lancope StealthWatch daily on our team.  I think next year we are migrating from the current hardware (rebranded Dell servers) from physical to virtual infrastructure to save space in our Data Center.

[LynK]

@mmcgurt
@deanwebb

Please help me to understand why they have amazing UI on their boxes, but when you go into the SMC it turns into this 90's archaic data running on java

Am I missing something here?

[deanwebb]

Cisco archaic versions of java

I think it's a requirement to use dangerously outdated versions of java if you want Cisco to market your product along with their line of gear.

[Otanx]

And if you can make the user interface and the admin interfaces require different outdated versions of java even better.

-Otanx

[LynK]

And if you can make the user interface and the admin interfaces require different outdated versions of java even better.

-Otanx

LMAO... please don't remind me.