Anomaly detection across multiple Cisco NetFlow- and sFlow-exporting devices is a topic I believe we engineered well. It is also an important subject because performing Network Behavior Analysis across dozens of flow-sending devices is critical to avoid excessive notifications and to gain:
* A global view of the problem.
* Alarm capture at the ingress interface or edge of the network.
* Ease of configuration enterprise-wide.

The Flow Analytics Overview shown below outlines each algorithm as well as the corresponding Time it takes to run and the Count of violations in the last 5 minutes. Click on each value to display a trend.

[Screenshot: Flow Analytics Overview]

To add or remove routers from an algorithm, simply click on the router icon shown above. The window below will appear:

[Screenshot: window for adding and removing devices from an algorithm]

Adding and removing routers and switches from each algorithm is simple. Select the drop-down box to jump to another algorithm. Other Flow Analytics blogs can be found here.

Michael

Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.
