Netflow monitor windows free




















Nagios Core lacks auto-discovery, and you must learn to set up and maintain complex configurations. On the plus side, it does give you a lot of flexibility to customize and extend the tool.

Community-developed addons can perform discovery and help you get started with configuration. You can use the free day trial to evaluate the for-cost version. The commercial version Nagios XI has a richer range of features, including automated support for discovering your devices and hosts, automatically configuring the tool, and commercially-supported addons. It has a much more sophisticated user interface and more advanced reporting that covers trends, capacity planning assistance, etc.

It includes an auto-discovery tool and a configuration wizard for adding a new device, host, or application. Once Nagios XI is installed and monitoring, the Operations Screen gives you a high-level view of the current state of the network, and the Operations Center lets you drill down to the items mentioned. The Host Status page shows a summary of metrics for the monitored hosts.

You can drill down to an individual host to see details including performance graphs, capacity planning info, alarms, etc. Nagios is a well-regarded solution for network monitoring. As with other tools that offer a fully-free vs commercial version tradeoff, you must decide whether you have or will develop the expertise and time to use the free tool, or whether it would be more cost-effective to pay for the automation and support of the commercial version.

Kentik Detect, in contrast to the traffic analyzer tools above, is a pure Software-as-a-Service (SaaS) system. As such, it offers the scalability of the cloud. Networks are growing, and off-premises network resources are more vital to success. Thus, traffic data is becoming big data, and cloud-based big data solutions start to make sense. Kentik aims to capture the details of multiple types of data, provide a unified view of all of it, and provide interfaces for accessing the data and integrating with other systems.

Kentik Portal is a web-based interface of course and provides a growing range of configurable dashboards. The Data Explorer permits ad-hoc exploration of the collected network data. You can quickly drill down and filter on potentially billions of records, obtaining views in the form of tables and graphs.

Alerting to notify you of unusual conditions can be set up by creating policies that define when an alert will enter the alarm state. Alerts can be sent by various media, including email, Slack, paging, etc. Perhaps none of the above pre-packaged NetFlow analyzers are customizable enough or powerful enough to meet your needs. There are multiple packages for time-series data capture and analytics available that make this quite doable.

Several are free open-source software; some are not. Some can be integrated with prepackaged analyzers, such as Plixer and ntopng. Splunk captures real-time data and provides web-based facilities for analysis and visualization. The ELK Stack (Elasticsearch, Logstash, and Kibana) is an open-source analytics toolset typically used with data that resembles log messages.

Elasticsearch is a popular distributed search and analytics engine. Logstash is a data collection and log-parsing engine. Kibana is a browser-based data visualization dashboard for analytics and search.

Logstash includes a codec for processing multiple versions of NetFlow data. Cisco has a guide for doing it, and there are several other articles online. People have built systems using the ELK Stack with other popular components, such as the Riemann distributed system monitoring and alerting tool. An alternative to Logstash is Fluentd. Another powerful tool, sometimes used with InfluxDB, is Grafana, an open-source package for time-series analytics and visualization. Grafana is analogous to Kibana, but where Kibana is log-message oriented, Grafana is metrics-oriented.

Multiple excellent tools for network monitoring and traffic analysis are available. Small organizations have an array of free choices, and large or growing organizations have many for-cost options. In recent years, open-source solutions have become widely implemented for many types of networking software and also for business and network security applications.

A benefit of open-source projects is that anyone can read the code that drives the software. By inspecting it, you can check for yourself that there is no malicious code hidden inside the program. Usually, open-source projects are maintained by volunteers. The benefit of enthusiast-developed software is that it can be given away for free. When you consider using open-source software for network monitoring and analysis, check out the packages that interest you and test them thoroughly before you commit the network to them.

Consider paying for network analysis tools in order to get guaranteed performance and also support from the commercial organizations that provide that paid software. Anyone who wants to contribute the effort to learn has a toolbox of powerful components that they can use to roll their own solution. Your final choice depends on the size and complexity of your network, the expertise you bring or want to develop, and how you expect your network to evolve in the future.

SNMP is more usually used to check on the performance of network equipment, while NetFlow enables the gathering of information about the network traffic that passes through the device. The free ntopng is a packet capture tool that enables header data to be sorted and grouped in order to gain statistics on network traffic. Wireshark is a good alternative that is free to use and has basic packet sorting and header analysis capabilities in its data viewer.

NetFlow Analyzer is a tool provided by ManageEngine. In order to change the MySQL port used by the tool from to another port, you need to edit the mysql-ds. I wish Scrutinizer from Plixer had made your list.

Maybe next time. John Kimball. Runs on Windows Server.

Start a day free trial. Runs on Linux. Installs on Windows Server.

Nprobe and ntopng: A straightforward network monitoring system in both free and paid versions.
Plixer Scrutinizer: A cybersecurity activity monitor that is available for installation, as a cloud-based service, or as an appliance.
Kentik Detect: A cloud-based service that can analyze your on-premises traffic.
Splunk: A well-known and highly respected packet sniffer that can collect data by analysis through more sophisticated tools.
Elastic Stack: Log file collection and analysis tools that can be adapted to work with NetFlow.

Latency: sFlow can have lower latency than NetFlow.

For example, you can set the parameters of the alerts you see.

On the main screen, a breakdown of current alerts shows every warning that has been raised. This allows you to run in-depth diagnostics and troubleshooting on your network based on the historical data you have available. This is useful for correcting faults and optimizing your network.

With the free trial version, you can monitor an unlimited number of interfaces. You can download a day free trial.

Network Monitor has become a popular platform on account of its user interface. The navigation tree is very simple so that you can cut straight down to the minutiae of your network traffic. Likewise, the setup process is very easy. Auto-discovery finds active devices on your network. You can configure alerts to be sent to you via email or SMS. Paessler PRTG can be downloaded as a free trial. The web-based console is great for organizations looking for fast and flexible deployment.

You can view NetFlow data in a variety of ways, right down to active flows by application. You can also see how much latency you have on your network at one time. The platform does this by breaking down the network's 3-way handshake packets and calculating the time it takes for them to transfer. The latency is determined by how long it takes for the packets to move across the network. You can choose a variety of visual displays to look at and comb through your historical data by time and date.

The free version of ntopng is called the Community version and can be downloaded from here. In terms of scalability, few products offer as much potential as Scrutinizer. Scrutinizer can function in a variety of SME and larger enterprise environments with the capacity to handle millions of flows per second. In addition, Scrutinizer offers a great user interface that lets you delve deep into the time frame, host application, and protocol of all your network elements.

A reporting feature breaks down NetFlow data for further analysis. As a result, it can be deployed seamlessly within a larger organization. Scrutinizer can be downloaded for free from here. This tool is considered to be one of the best value products available online. One of the draws of The Dude is that it is simple to deploy. You can also use this information to draw up maps and create a topological perspective.

Overall, The Dude is very easy to use and install. If you want a tool to hit the ground running, then this is a solid option. The Dude can be downloaded from here. Wireshark is one of the most well-known NetFlow analyzer tools in the world.

At one point or another almost every network administrator has dabbled with Wireshark or considered it. Most administrators use Wireshark to identify when a bottleneck occurs. This helps produce a complete perspective of an entire network. One particularly useful feature offered by Wireshark is that of filters. Display filters determine what type of protocol traffic is displayed when analyzing netflows.

This is an extremely useful feature because it can often be incredibly difficult to manually sift through thousands of NetFlow processes on an active enterprise network.

It also helps with troubleshooting. All of the tools below are free, although usually at the expense of some of the more advanced features. SolarWinds makes great tools for managing your entire network, from servers to VMs to network traffic. The full suite allows you to keep tabs on all your devices wherever they may be and send alerts when something goes awry.

The NetFlow traffic analyzer is only a part of that larger suite, but it will analyze the network traffic in real-time and show you any issues it finds. It offers a wide variety of customization and other standard features out of the box that many other software platforms don't come with.

The clean interface and helpful graphs give you all the information you need right away, and the automatic recognition of suspicious activity is very helpful. For a quick and dirty analysis of flow data, this might be a good tool for you to utilize, but if you're looking for a longer-term solution, you will need to purchase a license! Luckily for many of us, SolarWinds has a Response Time Viewer for Wireshark that makes sorting and searching for events much easier; you can see the full review here.


