Hi everyone, we currently are looking at sflow options for a commercial
collector and analyzer. The core use is for visibility on our network, for
quickly detecting source / destination IP addresses, ie where the traffic is
going and where is it coming from, the type of traffic would be interesting
also but to be honest all which really matters is source / destination.
The requirement of the sflow software is to give us options and data very
quickly in the event of a DDOS attack so mitigation can occur quickly once we
understand what’s happening on the network. The last thing we want is for the
software not to work under a DDOS (too much data) thus leaving us blind upon an
attack. The quicker the software can report on issues, the quicker we can do
something about it.
Our current routers are fully sflow capable and both export nicely to both
packages.
Our findings so far
Manage Engine Net flow analyzer has both a Linux and windows version, the
software is very light and seems to perform very fast, although light on
additional features such as custom reporting, and alerting / in depth packet
information. The concern is this software too simple, will it work under heavy
load?
Based on our needs Manage Engine Net flow costs $2000.00
Plixer Scrutinizer – based on windows the software seems resource intensive but
has a MASSIVE amount of extra visibility built into the software including
automatic alerts, that being said the software does seem extremely more complex
to configure and understand, reports seem to take longer to produce and the
information doesn’t seem to be reported as quickly. (ie lags by minutes or so
compared to Manage Engine)
Based on our needs Plixer Scrutinizer Costs $4000.00
Does anyone have any real life experience on either package the cost different
between the two packages doesn’t worry us, it’s all about selecting the correct
package knowing the one time we need to access the flow information and get it
quick that the package we choose preforms quickly and works.
I’d also like to hear from anyone else using another commercial solution, which
they would recommend.
Thanks in advance
Alex
