On 3/28/2014 6:31 PM, Luke S. Crawford wrote:
Oops, I meant to reply list, but just replied to Doug; re-sending to list
On 03/28/2014 08:35 AM, Doug Hughes wrote:
Have you thought about using sflow or netflow on the switch to capture
the aggregate stream data? it will capture the independent stream meta
information and send it to a collector where you can get some very nice
source/destination and stream size analysis.
I've talked about setting netflow or sflow or some other flow-based
monitoring system, it looks like it will solve a bunch of my other
monitoring problems, too.
Would that give me data to the resolution I need to detect sub-second
floods of traffic? My initial impression is that it would not... but
as I have yet to set it up, I don't know.
Like was said, it depends upon your sampling interval, but I find it
quite capable and ManageEngine Netflow Analyzer is very nice and not
very expensive. It allows graphing of source traffic, destination
traffic, per protocol and per conversation graphic, as well as flexibly
assigning nice names to groups of interfaces and thresholds for sending
alerts (email or snmp)
Here's a good blog about the sampling interval:
http://blog.sflow.com/2009/06/sampling-rates.html
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
