New to the list, new to ntop, new to netflow! We have two routers connected to two switches connected to two firewalls. These are our two ISPs. I'd like to collect netflow data from one router. I have an available port on one of the switches it connects to.
Is it best to configure the router to export netflow data to my server - on the internal network - or would it be best to use that extra switch port as a span port and collect it that way? Either method has its own issues: Having the router send the data has overhead costs, right? How much? It is our bigger 'Net connection and I don't want to slow it down. Creating the span port will only collect data for the ethernet port on the router connected to that switch - whereas the router has another connection to the second switch which also gets traffic based on routes (the internal network is split, including the public IP range - can't explain why, the guys who set it up can't even explain it). If I'm missing an option, or if having the router export the netflow data isn't that big of a deal, please let me know what to try. _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
