Solved

Netflow vs. Syslog

Posted on 2006-06-12
Last Modified: 2012-05-05
Hello-
I am trying to do some audit/monitoring on my network equipment (primarily Cisco).  I am trying to understand the difference between Netflow and Syslog messages and when I would use one vs. the other.  Many thanks!
Question by:jfexchange
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 16888241
Netflow gives you excellent insight into connections - who's talking to whom, by what protocol and for how long. Qualify/quantify all your traffic with ease.
Syslog sends/gets all the system messages, error messages, IDS messages, etc. Identify high CPU utilization, access-list hits, system errors, interface down messages, etc.
It is best to have both!

 
LVL 4

Assisted Solution

by:v_karthik
v_karthik earned 250 total points
ID: 16897081
Netflow gives you traffic and usage information, but syslog notifies you about the "problems" in the network. The problems can be just notifications that an interface went down / came up, configuration on a device changed, etc., or something very serious such as internal errors, memory problems, etc.

It's good to have both, but if you just want to do basic fault management in a stable network, use syslog.

For Netflow, you can try Cisco IOS Netflow software.  For syslog analysis, you can use syslogd if you are on Unix, or winsyslog, kiwisyslog, etc. if you are on Windows. Cisco's network management suite called Resource Manager Essentials (RME) comes with a syslog analyzer application that gives you a lot of features like notification through email on a certain pattern of syslog. You'll also be able to generate a variety of reports for future analysis.
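To make the contrast drawn in the answers above concrete, here is an added example (not part of the original thread and not any poster's code) that decodes a NetFlow v5 export datagram into per-flow records and parses a Cisco IOS syslog line into an event. The sample datagram, addresses and log line are constructed; the code assumes NetFlow version 5 and the `%FACILITY-SEVERITY-MNEMONIC:` message format.

```python
import re
import socket
import struct

# NetFlow v5 export layout: 24-byte header followed by 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
# Cisco IOS syslog body: %FACILITY-SEVERITY-MNEMONIC: text
IOS_MSG = re.compile(r"%(?P<facility>[A-Z0-9_-]+?)-(?P<severity>[0-7])-"
                     r"(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")

def parse_netflow_v5(datagram):
    """Traffic view: one dict per flow (who talked to whom, protocol, how long)."""
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 export")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("truncated export datagram")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "sport": f[9], "dport": f[10], "proto": f[13], "packets": f[5], "bytes": f[6],
            "duration_ms": (f[8] - f[7]) & 0xFFFFFFFF,  # Last - First uptime, wrap-safe
        })
    return flows

def parse_ios_syslog(line):
    """Event view: which subsystem reported what, and at which severity (0-7)."""
    m = IOS_MSG.search(line)
    return {**m.groupdict(), "severity": int(m["severity"])} if m else None

def sample_export():
    """Constructed datagram: one 12-second TCP/80 flow between documentation IPs."""
    header = V5_HEADER.pack(5, 1, 360000, 1150070400, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(
        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"),
        socket.inet_aton("0.0.0.0"), 1, 2, 42, 31500, 300000, 312000,
        51234, 80, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return header + record

SAMPLE_SYSLOG = ("<187>45: *Mar  1 00:05:12.003: %LINK-3-UPDOWN: "  # constructed line
                 "Interface FastEthernet0/1, changed state to down")

if __name__ == "__main__":
    print(parse_netflow_v5(sample_export()))
    print(parse_ios_syslog(SAMPLE_SYSLOG))
```

The flow record answers "who talked to whom, and for how long", while the syslog event names the subsystem and severity of something that happened on the device itself, which is why the two feeds complement each other in an audit pipeline.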
