[152103] in North American Network Operators' Group
Re: Network Storage
daemon@ATHENA.MIT.EDU (John T. Yocum)
Thu Apr 12 17:19:11 2012
Date: Thu, 12 Apr 2012 14:18:30 -0700
From: "John T. Yocum" <john.yocum@fluidhosting.com>
To: nanog@nanog.org
In-Reply-To: <CA+vWMo5NB4B1Vg5Pb-yUXndsYdP8zbSoYsu=K1gSkvu6xqGvmA@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In that case, just keep adding disks to your capture system, or use a NAS
to do it.
--John
On 4/12/2012 2:16 PM, Maverick wrote:
> Thank you very much for your suggestions.
>
> 1) My goal is to store the traffic maybe forever, and analyze it in
> the future for security related incidents detected by ids/ips.
>
> 2) I am storing just header and initial few bytes but still it gets
> filled up quite quickly.
>
> 3) Netflow approach is nice but I also want to have traces available
> for reasons mentioned in 1).
>
> 4) Are there any issues having an external storage as a solution for
> this problem?
>
> Best,
> Ali
>
> On Thu, Apr 12, 2012 at 5:06 PM, Michael J McCafferty
> <mike@m5computersecurity.com> wrote:
>> Ali,
>> Do you need to capture the whole packet, including the payload? You
>> will save a lot of space by just capturing the headers. For example,
>> tcpdump doesn't capture the whole packet by default anyway. You may not
>> be able to capture at line rate anyway depending on what you are using
>> to capture with (drivers, libraries, software, etc). See the -s option
>> in the tcpdump man page for info.
>>
>> Good luck,
>> Mike
>>
>> On Thu, 2012-04-12 at 16:25 -0400, Maverick wrote:
>>> Hello Everyone,
>>>
>>> Can you please comment on what is the best solution for storing network
>>> traffic. We have been graciously granted access by our network
>>> administrator to capture traffic but the one terabyte disk space is
>>> no match with the data that we are seeing, so it fills up quickly. We
>>> can't get additional space on the server itself so I am looking for
>>> some external solutions. Can you please suggest something that would
>>> be best for Gbps speeds.
>>>
>>>
>>> Best,
>>> Ali
>>>
>>
>> --
>> ************************************************************
>> Michael J. McCafferty
>> CEO
>> M5 Hosting
>> http://www.m5hosting.com
>>
>> Like us on Facebook for updates and photos:
>> https://www.facebook.com/m5hosting
>> ************************************************************
>>
>
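The thread turns on how much disk a header-only capture saves (the tcpdump -s snapshot length). The following is an added example, not part of any poster's message: it applies a snapshot length to an existing classic pcap file and compares sizes. The 96-byte snaplen, the function names and the filler-byte sample capture are assumptions made for illustration.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
GLOBAL_HDR = "IHHiIII"           # magic, ver major/minor, tz, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"              # ts_sec, ts_usec, incl_len (stored), orig_len (on wire)

def truncate_pcap(src: bytes, snaplen: int) -> bytes:
    """Return a copy of a classic pcap file with each packet cut to snaplen bytes."""
    if len(src) < 24:
        raise ValueError("truncated pcap global header")
    # The magic number tells us the byte order the capture host wrote in.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", src[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    _, vmaj, vmin, tz, sigfigs, old_snap, link = struct.unpack(endian + GLOBAL_HDR, src[:24])
    out = io.BytesIO()
    out.write(struct.pack(endian + GLOBAL_HDR, PCAP_MAGIC, vmaj, vmin, tz,
                          sigfigs, min(old_snap, snaplen), link))
    pos = 24
    while pos < len(src):
        if pos + 16 > len(src):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + RECORD_HDR, src[pos:pos + 16])
        data = src[pos + 16:pos + 16 + incl_len]
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        pos += 16 + incl_len
        kept = data[:snaplen]
        # orig_len is preserved so later analysis still knows the wire size.
        out.write(struct.pack(endian + RECORD_HDR, ts_sec, ts_usec, len(kept), orig_len))
        out.write(kept)
    return out.getvalue()

def build_sample(n_packets: int = 100, size: int = 1500) -> bytes:
    """Constructed input: full-size Ethernet frames of zero bytes, not real traffic."""
    hdr = struct.pack("<" + GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    recs = b"".join(struct.pack("<" + RECORD_HDR, 1334265510 + i, 0, size, size) + bytes(size)
                    for i in range(n_packets))
    return hdr + recs

if __name__ == "__main__":
    full = build_sample()
    small = truncate_pcap(full, 96)
    print(f"full capture: {len(full)} bytes, 96-byte snaplen: {len(small)} bytes "
          f"({100 * len(small) / len(full):.1f}% of original)")
```

Each stored packet still costs a 16-byte record header, so the saving depends on the packet size mix; traffic dominated by small packets shrinks far less than the full-size frames used here.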