In contrast, sFlow can cover Layers 2 through 7. A device collecting NetFlow metrics in its flow cache exports them periodically based on active and inactive timeouts. Thus reports on recent and ongoing conversations may be delayed, depending on the timeouts.
In contrast, sFlow sends collected packet prefixes and counters in real-time. We reviewed the market for NetFlow analyzers and collectors and analyzed the options based on the following criteria: Below, we look at several popular NetFlow-based network monitoring and analysis tools for Windows. All are sophisticated, having a considerable learning curve; so online training and good support are essential.
It features bandwidth monitoring, traffic analysis, performance analysis, alerts, customizable reports, policy optimization, and more. The NetFlow Traffic Analyzer gathers flow data exported by the flow-enabled devices tracked by the SolarWinds network monitoring software. As a flow analyzer, NTA identifies the users, applications, and protocols consuming the most bandwidth.
You can sort by ports, source, destination, and protocols, and view traffic patterns over minutes, days, or months. NTA and NPM are enterprise-grade packages, so even the free trial will consume considerable resources on your system. You can also start a day free trial. Noction Flow Analyzer offers three main strategies to network managers. These are to monitor and control bandwidth utilization, to implement capacity planning, and to detect and prevent network performance problems.
The system has a striking front-end. You are free to choose between the Light, Dark, or Auto theme options. Here, below, you can see the Data Explorer screen, which provides detailed network traffic stats in both graphs and report forms.
All data queries can be subsequently saved as widgets and placed on dashboards. Multiple dashboards can be set up in NFA. These are the collections of graphs that are typically grouped by a specific purpose, e. The network monitoring system lets you see live traffic data with the facility to examine traffic at each node or look at end-to-end traffic between two given points.
You can set up alerts on any of the metrics that the Flow Analyzer collects. These are thresholds that will activate alerts when they are crossed. These alerts can be sent to technicians via email or Slack, so staff does not need to watch the network monitor unless a problem is developing. The system creates a Web server so the screens for the system are accessed through any standard Web browser.
Despite hosting the service yourself, you do not buy the software outright. Instead, you pay a subscription, with a rate per month or per year. There is one add-on service, which is to collect Border Gateway Protocol internet routing data from the network gateway. You can try the Noction system on a day free trial. The ManageEngine NetFlow Analyzer provides real-time visibility into network bandwidth and traffic patterns. The tool visualizes traffic by applications, conversations, protocols, etc.
Alerts can be set based on traffic thresholds. There are a variety of useful predefined reports, ranging from troubleshooting oriented to capacity planning and billing. Custom search reports can be created.
The web-based user interface has a default dashboard with several real-time pie charts, including a heat map showing the status of monitored interfaces, top applications, top protocols, top conversations, recent alarms, top QoS, and more. Hovering over a graphic usually provides an explanatory pop-up, and clicking on any graphic drills down to more details on the selected element.
There are specific displays for detecting security issues. Dashboards are customizable. Alerts show up as pop-ups on the user interface. Multi-site traffic can be analyzed; there is a smartphone app for mobile monitoring and alerting. The tool leverages advanced features of Cisco devices, including support for adjusting the traffic shaping and QoS policies on your network.
The free version allows unlimited monitoring for 30 days but then reverts to monitoring only two interfaces. ManageEngine has various related products to expand beyond NetFlow traffic-oriented data analysis into a full network management suite. Download the day free trial. Site24x7 Network Traffic Monitoring is a cloud-based traffic analyzer that forms part of several system management packages.
Site24x7 offers infrastructure monitoring, website management, an application performance monitor, and a system for managed service providers. This tool provides live network traffic monitoring and also stores data for capacity planning and trend analysis.
As a cloud service, the dashboard is accessed through any standard web browser. All of the processing for the service is performed on the Site24x7 servers but there also needs to be an agent installed on site. The monitor communicates with network switches through a number of protocols.
The system extracts traffic statistics and it can also sample packet headers. The information taken from traffic enables the traffic monitor to identify traffic per application, per source and destination, and per user account. The system can communicate with the network devices supplied by more than vendors.
Cons: User interface is easy to use, but could be improved upon.
Pros: A complete toolset for NetFlow data collection and processing; allows users to create custom reports based on collected data; the project maintains a small but active team around it.
Cons: Steeper learning curve than similar tools.
Pros: Provides detailed visualization options for NetFlow data; users can build reports from collected data; supports live monitoring.
Cons: Outdated when compared to similar tools available; not as easy to use as competing tools; live monitoring is delayed.
Pros: Syntax is easy to learn; can provide scheduled reports as often as every 60 seconds; is easier to use than other command line NetFlow analyzers.
Cons: Only runs on Unix systems.
Cons: Rarely updated, latest version was released in
Pros: Features tools to aid in capacity planning and trend analysis; simple install requirements; leverages flow dump for faster data filtering.
Cons: Is considered abandonware — no longer supported as of
Cons: Is no longer being supported — the last update was in
Pros: Ideal for tracking bandwidth usage through NetFlow and sFlow; supports native graphic displays; maintains a small but active group of developers.
Cons: Cannot classify hosts into groups; database will grow indefinitely unless pruned; proxy servers skew network monitoring data.
I include Paessler PRTG Network Monitor on a lot of my lists because of the comprehensive nature of its network monitoring capabilities.
PRTG has several use cases, including NetFlow monitoring, and it supports all the major flow protocols and more. You can only monitor a single site using the web application. If you want to monitor multiple sites or devices, you have to use the enterprise app on Windows.
It automatically finds devices on your network and alerts you to new changes, so you can account for potential issues as soon as they arise. PRTG is popular for its user-friendly interface.
The system is simple to set up and the navigation tree is easy to manage. The device tree shows you all the devices on your network and the sensors being used to monitor each of them. In addition to your standard applications, your device tree can include routers, access points, disk usage, IoT, firewalls, workstations, servers, and more. Digging into the device tree will show you relevant indicators and metrics at every level.
Its licensing is based on sensors, which means you have to consider how many sensors your network is going to need and how much those sensors will cost you as your enterprise begins to grow. This might limit you in terms of scalability. Similarly, it uses a proprietary database instead of the more common SQL database, which can cause compatibility issues depending on how your system is set up. The free version of PRTG Network Monitor gives you unlimited sensors for a month, but for every month thereafter you only get Essentially, using a SaaS system is like using the cloud.
This tool gathers details about the different types of data passing through your system and brings them together in one unified view. You can also integrate the data into other systems. The web-based interface is customizable, and the Kentik team continually adds new dashboards, giving you a wide variety of ways to look at your data.
Kentik Detect lets you customize the alerting system to alert you only when certain conditions have been met—for example, you might opt to receive alerts when an anomaly reaches critical status, but not when an anomaly has just been detected. I can see this function being equally helpful for people who like to be alerted about every little thing and those focused on the big picture. The Kentik Portal includes a function called Data Explorer, which lets you explore your network by breaking traffic data down into tables and graphs.
In addition, Kentik helps you make sure your traffic delivery is conforming to service-level agreement standards, which improves the client experience and cuts down on costs.
Before we move on to open-source NetFlow monitoring solutions, a word about open-source tools in general. Open-source software has exploded in popularity in recent years, for various reasons.
Some people believe technology resources belong in the hands of the people and not behind a paywall, while others simply feel open-source tools are as good as the paid ones. Be that as it may, when putting together lists like this one, I try to include open-source tools for those who are tech-savvy and not afraid of a challenge. When dealing with open-source, be sure to put the software through a stress test before you commit.
Nagios Core is the free, open-source version, and Nagios XI is the paid tool. As such, Nagios XI comes with more features and built-in tech support for configuration issues. Nagios Core can be difficult to get a handle on, though an active community of users can help you. Nagios XI is much better for NetFlow monitoring, because it has a more advanced user interface and supports extensions for a nuanced operating experience.
Capacity-planning graphs help you see how your network resources are spread out among applications, which enables smarter decision-making when it comes to triaging network needs in the future. The operations screen provides an overview of your network, while the operations center gives you detailed information. A word of caution about Nagios: their reputation for being a reliable, powerful, and scalable network monitoring option comes with a reputation for being difficult to configure.
Furthermore, Nagios Core does not have an auto-discovery function. Its advantage is the ability to customize the tools to suit your organizational needs, which can help you get the most out of the software. Nagios XI boasts a generous free-trial period—a full 60 days. Many of these tools can more than suffice for many network environments, but there are many cases where they may fall short, too! Be sure to assess each tool firsthand and consider your network and the importance of each aspect of tracking and analysis — admins who are running non-critical systems or have a smaller environment that isn't as easily crippled financially by an outage may find little issue here, but those overseeing multiple data centers or huge customer-facing servers may hesitate to put their well-being in the hands of the options above.
Individuals dealing with heavier or more strict and rigid environments would be best suited to check out some of the paid options, which tend to offer free trials and demos and can more than be worth their sometimes hefty cost.
Flowscan
Flowscan is somewhat interesting in that it acts more as a generalized tool for visualizing NetFlow data rather than collecting and aggregating it for later analysis.
Cflowd
While Cflowd is no longer under active support and updates, it's still a pretty reliable offering that does all the basic collection, storage, and analysis of NetFlow data.
Flow-tools
Flow-tools, often paired with FlowViewer which is pictured above, is another pretty straightforward and simple open-source NetFlow analysis program.