A Firewall Monitoring Tool You Didn’t Know Existed: NetFlow and IPFIX
Posted in Firewall NetFlow, Log Management, NAT Reporting, NetFlow, NetFlow NAT Reports, NetFlow Reporting, NetFlow Security, Third Party Integration on September 7th, 2012 by Adam Powers

IT professionals have been looking for better ways to monitor and store firewall logs for years. Properly handled, firewall events can give insight into APTs, DoS attacks, firewall rule planning and misconfigurations, policy violations, and much more. To date, syslog has been the go-to mechanism for access to firewall log info. It’s universally supported by the firewall community, easy to understand, and quick to implement on both the firewall and the syslog analyzer.
Unfortunately, syslog is resource intensive on both the firewall and the log analyzer. It’s largely unstructured, requires string pattern matching, and the exact format and fields vary from one firewall to the next. How often do you turn on full “Accept” and “Deny” logging for every rule? Sure, you can, and yes, it’s valuable, but the amount of syslog created is tremendous.
Enter NetFlow and IPFIX…
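To make the contrast concrete, here is an added example (not code from the original post) that turns the same deny event into one normalized tuple three ways: from two syslog layouts that each need their own regex, and from an IPFIX message decoded with the template the exporter sends. The two syslog layouts and all sample values are constructed and hypothetical; the IPFIX element IDs are the IANA-registered ones, and the decoder assumes fixed-length IANA fields only.

```python
import io, re, socket, struct
# Constructed deny events in two hypothetical vendor syslog layouts (not real product formats).
SYSLOG_A = "Sep  7 10:00:01 fw-a DENY tcp 10.1.1.5:51514 -> 192.0.2.10:445"
SYSLOG_B = "Sep  7 10:00:01 fw-b action=drop proto=6 src=10.1.1.5 spt=51514 dst=192.0.2.10 dpt=445"
RE_A = re.compile(r"(ACCEPT|DENY) (\w+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)")
RE_B = re.compile(r"action=(\w+) proto=(\d+) src=([\d.]+) spt=(\d+) dst=([\d.]+) dpt=(\d+)")
PROTO = {"tcp": 6, "udp": 17}

def parse_syslog(line):
    """String matching: one regex per vendor layout, so a new firewall needs a new pattern."""
    if m := RE_A.search(line):
        act, proto, src, spt, dst, dpt = m.groups()
        return (src, int(spt), dst, int(dpt), PROTO[proto], act == "DENY")
    if m := RE_B.search(line):
        act, proto, src, spt, dst, dpt = m.groups()
        return (src, int(spt), dst, int(dpt), int(proto), act == "drop")
    raise ValueError("unrecognised syslog layout")

# IANA element IDs: 8 srcIPv4, 7 srcPort, 12 dstIPv4, 11 dstPort, 4 protocol, 233 firewallEvent.
FIELDS = [(8, 4), (7, 2), (12, 4), (11, 2), (4, 1), (233, 1)]
def build_ipfix():
    """Constructed IPFIX message: template set (ID 2) defining template 256, then one data record."""
    tmpl = struct.pack("!HH", 256, len(FIELDS)) + b"".join(struct.pack("!HH", *f) for f in FIELDS)
    rec = struct.pack("!4sH4sHBB", socket.inet_aton("10.1.1.5"), 51514, socket.inet_aton("192.0.2.10"), 445, 6, 3)
    sets = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(rec)) + rec
    return struct.pack("!HHIII", 10, 16 + len(sets), 0, 0, 0) + sets

def parse_ipfix(msg):
    """Template-driven decode: the exporter declares the layout, so no per-vendor patterns."""
    version, length = struct.unpack_from("!HH", msg)
    if version != 10 or length != len(msg):
        raise ValueError("not a complete IPFIX message")
    off, templates, events = 16, {}, []
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        body = msg[off + 4:off + set_len]
        if set_id == 2:  # assumes one template per set, fixed-length IANA fields only
            tid, count = struct.unpack_from("!HH", body)
            templates[tid] = [struct.unpack_from("!HH", body, 4 + 4 * i) for i in range(count)]
        elif set_id in templates:  # data set: slice each record by the template's field lengths
            size = sum(ln for _, ln in templates[set_id])
            for r in range(0, len(body) - size + 1, size):
                buf = io.BytesIO(body[r:r + size])
                v = {ie: buf.read(ln) for ie, ln in templates[set_id]}
                num = lambda ie: int.from_bytes(v[ie], "big")
                events.append((socket.inet_ntoa(v[8]), num(7), socket.inet_ntoa(v[12]), num(11), num(4), num(233) == 3))
        off += set_len
    return events
```

All three inputs yield `("10.1.1.5", 51514, "192.0.2.10", 445, 6, True)`, where the final field marks a denied flow (firewallEvent value 3).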


