NetFlow
== Variants ==

=== Cisco's NetFlow Security Event Logging ===
Introduced with the launch of the [[Cisco ASA]] 5580 products, [http://www.cisco.com/en/US/docs/security/asa/asa81/netflow/netflow.html NetFlow Security Event Logging] uses NetFlow v9 fields and templates to efficiently deliver security telemetry in high-performance environments. NetFlow Security Event Logging scales better than [[syslog]] while offering the same level of detail and granularity in logged events.{{Citation needed|date=February 2011}}

=== Monitoring based on standalone probes ===
{{Original research|section|date=March 2009}}
[[File:NewNetFlowApproach.png|thumb|right|NetFlow architecture using standalone probes.]]
NetFlow collection using standalone NetFlow probes is an alternative to flow collection from routers and switches. This approach can overcome some limitations of router-based NetFlow monitoring. The probes are transparently connected to the monitored link as a passive appliance using the TAP or SPAN port of the appliance.

Historically, NetFlow monitoring is easier to implement in a dedicated probe than in a router. However, this approach also has some drawbacks:
* Probes must be deployed on every link that must be observed, causing additional hardware, setup and maintenance costs.
* Probes will not report separate input and output interface information like a report from a router would.
* Probes may have problems reliably reporting the NetFlow fields related to routing, like [[Autonomous system (Internet)|AS Numbers]] or [[Classless Inter-Domain Routing|IP masks]], because they can hardly be expected to use exactly the same routing information as a router.

The easiest way to address the above drawbacks is to use a [[packet capture appliance]] inline in front of the router and capture all of the NetFlow output from the router. This method allows for storage of large amounts of NetFlow data (typically many years' worth of data) and does not require reconfiguration of the network.

NetFlow collection from dedicated probes is well suited for observation of critical links, whereas NetFlow on routers provides a network-wide view of the traffic that can be used for capacity planning, accounting, performance monitoring, and security.
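
An added example (not part of the article and not Cisco code) of how a collector decodes the template-based NetFlow v9 export that NetFlow Security Event Logging relies on: a data record can only be decoded once the matching template has been cached, so flowsets that arrive earlier are counted rather than guessed at. The field type IDs and firewall event values are assumed from the IANA IPFIX registry, and the two packets are constructed samples.

```python
import struct
from ipaddress import IPv4Address

# Field type IDs and event values assumed from the IANA IPFIX registry (233 = firewall event).
FIELDS = {4: "protocol", 7: "src_port", 8: "src_addr", 11: "dst_port", 12: "dst_addr", 233: "fw_event"}
FW_EVENTS = {1: "created", 2: "deleted", 3: "denied", 5: "updated"}
# Constructed sample packets from source_id 1: a template (ID 256), then one data record.
TEMPLATE_PKT = bytes.fromhex("0009 0001 00000000 00000000 00000000 00000001 0000 0020"
                             "0100 0006 0008 0004 000c 0004 0007 0002 000b 0002 0004 0001 00e9 0001")
DATA_PKT = bytes.fromhex("0009 0001 00000000 00000000 00000001 00000001 0100 0014"
                         "0a000005 c0000207 c93b 0016 06 03 0000")

def decode_value(name, raw):
    if name.endswith("_addr") and len(raw) == 4:
        return str(IPv4Address(raw))
    value = int.from_bytes(raw, "big")
    return FW_EVENTS.get(value, value) if name == "fw_event" else value

def parse_v9(packet, templates):
    """Decode one packet; `templates` is the cache keyed by (source_id, template_id)."""
    version, _n, _up, _secs, _seq, source_id = struct.unpack_from("!HHIIII", packet)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, skipped, pos = [], [], 20
    while pos + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, pos)
        if fs_len < 4 or pos + fs_len > len(packet):
            raise ValueError("malformed flowset length")
        body, pos = packet[pos + 4:pos + fs_len], pos + fs_len
        if fs_id == 0:  # template flowset: learn the record layouts
            while len(body) >= 4:
                tid, n = struct.unpack_from("!HH", body)
                fields, body = body[4:4 + 4 * n], body[4 + 4 * n:]
                if tid < 256 or len(fields) < 4 * n:
                    break  # padding or a truncated template
                templates[(source_id, tid)] = list(struct.iter_unpack("!HH", fields))
        elif fs_id >= 256:  # data flowset: decodable only with a cached template
            layout = templates.get((source_id, fs_id))
            size = sum(length for _t, length in layout or [])
            if not size:
                skipped.append(fs_id)  # template not seen yet: count it, do not guess
                continue
            for off in range(0, len(body) - size + 1, size):
                rec, cur = {}, off
                for ftype, length in layout:
                    name = FIELDS.get(ftype, f"field_{ftype}")
                    rec[name] = decode_value(name, body[cur:cur + length])
                    cur += length
                records.append(rec)
    return records, skipped
```

A rising count of skipped flowsets on a collector means security events are being exported but not decoded, which is worth alerting on in its own right.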