One of the things that sets our NetFlow and sFlow analysis tool apart from our competitors is the dynamic reporting options that exist within our reporting engine.
I had a customer the other day show me how he was using Scrutinizer to catch DNS pirates.
Let’s take a look at how he setup the report filter to do this.
Over the last few weeks I have taken a number of support calls from customers who were looking for some assistance configuring their Cisco ASA. So I figured that I would take this opportunity to revisit some older blog subjects.
In my opinion, the easiest way to get NSEL exporting from these security appliances is through the use of the ASDM interface. This simple, GUI-based firewall management tool allows you to quickly configure the Cisco ASA without having to use the cumbersome command-line interface.
And that brings me to the subject of this blog.
Configuring the Cisco ASA using the CLI is really not that much different that configuring NetFlow on any other router or switch. You define your timeout value, flow export destination, and which interface is going to send the export. The difference is that you need to set up a service policy, and access rules that allow the export. As well as define which events are going to get exported and where.
So let’s get started.
For most of the last year I have been working as a member of the Technical Support Team here at Plixer International. But as of July 1st, I have moved from Technical Support to a Pre-Sales Support role on the Sales Team. In my new role I will be responsible for providing technical support for all pre-sales/evaluating customers.
I just want to say that it has been a pleasure working with the many customers that I’ve talked to over the last year. I wish you all much success in your Network Admin/IT endeavors.
If you are new to the NetFlow technology, I would welcome the opportunity to demonstrate the benefits of using NetFlow and our network analysis tool to open windows into what is going on over your network. The following information is made available via the flow packets: source IP address, destination IP address, source port number, destination port number, protocol type, type of services, and the router input interface.
Exporting flows to a NetFlow collector provides a deeper level of detail that was up to this point unavailable in network management. This type of information has proven invaluable in detecting worms, port scans, DDoS attacks, and other security threats and network misuse.
At the support desk we often get asked questions about NetFlow technology and what, if any, performance impact enabling NetFlow will have on their routers or switches.
Cisco® NetFlow technology is an embedded feature within Cisco IOS routers and high end switches. NetFlow data records consist of information about source and destination addresses, along with the protocols and ports used in the end-to-end conversation. The NetFlow feature set allows for the tracking of individual IP flows as they are received at a Cisco router or switching device.
Network administrators can use the NetFlow flow records for a variety of purposes, including accounting, billing, network planning, traffic engineering and user or application monitoring.
Many customers who are new to NetFlow are naturally cautious about introducing it into their network. They need to understand the potential performance impact of enabling NetFlow before they are willing to deploy it. Cisco has released a NetFlow Performance Analysis paper that examines the CPU impact of enabling NetFlow services in various scenarios on several different Cisco hardware platforms.
Before you get too concerned about what the report is showing, look at those flow numbers. They represent a ”worst-case scenario” in terms of the traffic flows seen by the routers, and the results must be viewed in that context.
Now that you have decided to enable NetFlow on your routers and switching devices, it’s time to put that flow data to work for you.
Let us show you how our NetFlow and sFlow Analysis Tool provides the best custom reporting engine on the market today, supporting leading edge technologies like Cisco ASA, Flexible NetFlow, IPFIX, and NBAR.
Give me a call – (207)324-8805
-Scott
My daughter recently started a temporary Marketing position here at Plixer. And as with most people when they get their first job, she was very nervous about the new environment she would be coming into.
Adding to her nervous tension was the opportunity to see and meet Mix Master Mitch in person.
While I would not lump her in with the usual NetFlow maniacs that follow Mitch from town to town, I am sure she was aware of his superstar status and had seen the Mix Master’s videos (who hasn’t?). For the first few days, she would try to avoid the famous artist for fear of embarrassment. It wasn’t until Mitch left an autographed 8×10 on her desk that she finally was able to relax around the Rap legend.
Don’t miss your chance to see Mitch and his NetFlow posse live as the tour heads out to sunny Las Vegas next week for Cisco Live!
Stop by the Plixer booth and let the team show you how our NetFlow and sFlow Analysis Tool provides the best custom reporting engine on the market today, supporting leading edge techologies like Cisco ASA, Flexible NetFlow, IPFIX, and NBAR.
Put our network monitoring and analysis tools to work for you today.
Give us a call – (207) 324-8805
-Scott
Why do you want to know what is going on in the traffic flow of a network?
What’s the point?
Why doesn’t utilization alone cut it?
Network Administrators don’t typically have a lot of time on a day-to-day basis. There is always some fire to fight, some network or user issue that comes up. Most times your juggling more than one issue at a time. So you find yourself spending most of your time trying to keep the network running and the users happy.
A Network Administrator’s abilities are only as good as his awareness of what happens on his network.
Monitoring and maintaining your network traffic and bandwidth utilization used to be an overlooked aspect of your job. But evolution of technology has changed the makeup of networks everywhere and has forced network managers to include Flow analysis and monitoring in their network management strategies.
Network Flow Analysis is the art of studying the traffic on a computer network. It is the industry-standard method of collecting and recording network traffic. Flow analysis lets you see what types of traffic passed between hosts, without having to reproduce the problem.
The other day I took an interesting call from a customer who was concerned because he was suddenly seeing his flows per second count almost double. He had just upgraded his Scrutinizer NetFlow and sFlow traffic analysis application to the latest version and he thought that maybe something had changed to cause this to happen.
I assured him that nothing in the Scrutinizer upgrade would have caused him to see his flow count increase. And after talking with him, I learned that he had also just upgraded the IOS on his routers.
Were we looking at some kind of a ”perfect storm“ scenario?
Of course not!
Recently Mark Leary, wrote a blog about the “Top Ten IOS Services You Should Be Using Now!” In the blog he talks about some of the key high-value IOS services that can go unnoticed and unused by network operators.
Plixer International can help you put a number of these services to work for you by providing the best network analysis and reporting tools available on the market today.
We have talked for a long time about the benefits of using Cisco IPSLA as a proactive method of reliably measuring network performance. Raul Duran wrote a series of blogs talking about the use of IPSLA operations, and believes that IPSLA should be a part of every Network Administrator’s toolbox. Using our SNMP Performance and Trending tool, data can be retrieved and trended, enabling users to graph performance over time.
When it comes to Network Traffic Monitoring, how the data is stored, how long the data is stored, and how the data is presented, ultimately makes the difference when you select the NetFlow and sFlow analysis tool that you use.
Scrutinizer processes the NetFlow data exported from the devices and stores it in a database for traffic analysis and reporting. The flexible data history settings allow you to customize the storage patterns in the database based on the granular NetFlow reporting requirements you have, and your available disk storage resources.
We have all seen a number of blogs over the past few months talking about Flexible NetFlow. And with customers moving to the Cisco Nexus model switches, which run on Cisco’s NX-OS operating system, we are now assisting in an increasing number of Flexible NetFlow configurations.
A big advantage of the Flexible NetFlow concept is that the user can define the flow. The user-defined flow records and the component structure of Flexible NetFlow make it easy for you to create various configurations for traffic analysis and data export on a networking device with a minimum number of configuration commands.
Don’t be intimidated by the move to Flexible NetFlow.
Flexible NetFlow includes several predefined records that you can use right away to start monitoring traffic in your network.
These predefined records are available to help you quickly deploy Flexible NetFlow. And they help ensure backward compatibility with your existing NetFlow collector configurations for the data that is exported.
Each of the predefined records are based on the original NetFlow ingress and egress caches and the aggregation caches, and each has a unique combination of key and non-key fields that offer you the built-in ability to monitor various types of traffic in your network without customizing Flexible NetFlow on your router.
Many users will find that the pre-existing Flexible NetFlow records are suitable for the majority of their traffic analysis requirements.
