Email alerts from Scrutinizer Alarms

Posted in General, Logalot, Scrutinizer on January 6th, 2009 by Jo-G
email-alerts-from-scrutinizer-alarms

One question that has been asked repeatedly by customers is, “Can I send email notifications from alarms generated by Scrutinizer?”

And the answer is a resounding, “Yes, you can!”.

However, it does require another of our products, which can be installed right over Scrutinizer. This add-on product is Logalot, our Centralized Log Management application. There is a free version of Logalot is available, which may be sufficient for your immediate needs. Installation and configuration takes a mere matter of minutes and is further simplified with the assistance of one of our Presales Support Engineers.
Read more »

Tags: , , , , , , , ,

Leave A Comment »

What is Flexible NetFlow part 3 of 3

Posted in General on January 3rd, 2009 by mike@plixer.com
what-is-flexible-netflow-part-3-of-3

How can my company benefit from Flexible NetFlow?

Prior Reading
In the first blog I covered the 3 key advantages of Flexible NetFlow. In the second blog I covered the 3 caches of Flexible NetFlow. In this third and final blog I will cover how companies may end up taking advantage of Flexible NetFlow.

Traditional NetFlow will Dominate
Probably the single most popular way companies use NetFlow won’t change. Traditional NetFlow using a Normal Cache exists for the same reason NetFlow v5 is still more popular than NetFlow v9. In most cases, it provides the details necessary to solve the major issues.
• who is causing the problem
• who are the top talkers, applications, etc.
• what are the abnormal behaviors

Permanent Cache
Permanent Cache on the other hand could end up replacing Cisco’s IP Accounting technology as this type of cache can mimic the running counters of a MIB table. It can also be used to store routing information that is fairly static and doesn’t need to be exported frequently. Note: since it is limited in size, packets matching the filter could be dropped if the cache is full. A counter is maintained on the number of dropped packets.

Immediate Cache
An Immediate Cache could be leveraged to trigger packet captures based on alerts initially triggered by a collector. The collector triggers the Immediate Cache by watching for network behavior patterns in traditional NetFlow. Once the packet captures come in, they can be:
• kept on the collection server until the administrator is ready to dig in for details
• sent off to an IDS for deeper inspection

NetFlow Event Logging
In some cases, NetFlow Event Logging (NEL) could replace traditional syslogs technologies as up to 18 events from the Cisco ASR 1000 can be packed into a single NetFlow datagram.

Information on Flexible NetFlow is slowly making it onto the web. As a Cisco Technology Partner, we work with key individuals at Cisco Systems.

Benoit Clais and Michael Patterson at Cisco Networkers 2008

Above is a picture of me at CiscoLive 2008 with Cisco’s NetFlow Visionary: Benoit Claise.  Check out Benoit’s book.

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter
Tags: , , ,

2 Comments »