[152108] in North American Network Operators' Group
Re: Network Storage
daemon@ATHENA.MIT.EDU (Joel M Snyder)
Thu Apr 12 17:54:10 2012
Date: Thu, 12 Apr 2012 14:53:18 -0700
From: Joel M Snyder <Joel.Snyder@Opus1.COM>
To: myeaddress@gmail.com
Cc: nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>Can you please comment on what is best solution for storing network
>traffic.
Well, "best" is kind of a hard word to use here. There are lots of
different solutions depending on exactly why and where you want to
capture this.
As far as I know, there are really two credible companies who are
thrashing it out in this space right now, NetWitness (now part of RSA)
and Solera. I think that Niksun is still out there, but they haven't
done much recently or maybe they just concentrate on particular sectors
and so I never see them.
Of course, you can also just tcpdump it yourself, but the commercial
products do a lot of the metadata analysis and creation for you, so it's
a lot easier to understand what is happening in your traffic than just
having piles of tcpdumps.
I bought a NetWitness box and was profoundly unimpressed. So I guess my
advice would be to start with Solera and then look at NetWitness if you
don't like Solera.
This assumes you have budget. If this is a back-of-the-envelope "hey,
let's grab some packets and do something with them" kind of exercise,
then filter your tcpdumps a lot better.
jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
jms@Opus1.COM http://www.opus1.com/jms
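To make the "filter better and keep metadata instead of piles of tcpdumps" point concrete, here is an added example that is not part of Joel's post or of any of the products he mentions. It builds a small pcap in memory (constructed sample packets; the 10.0.0.5, 192.0.2.10 and 224.0.0.251 addresses and ports are made up), then reads the file back with a minimal pcap parser, reduces each IPv4 packet to a 5-tuple, aggregates per-flow packet and byte counts, and applies a caller-supplied keep filter so that only the traffic you care about is retained. The `summarize_flows` name and the `keep` callback are this example's own conventions, not a tcpdump or NetWitness/Solera API.

```python
import struct
from collections import defaultdict
from socket import inet_aton, inet_ntoa

LINKTYPE_ETHERNET = 1
PCAP_MAGIC_LE = 0xA1B2C3D4


def build_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Construct an Ethernet/IPv4/{TCP,UDP} frame (sample data, checksums left zero)."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + b"\x08\x00"
    if proto == 6:  # TCP: seq=1, ack=0, data offset 5 words, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 65535, 0, 0)
    else:  # UDP: length covers header + payload
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, proto, 0,
                     inet_aton(src_ip), inet_aton(dst_ip))
    return eth + ip + l4 + payload


def build_pcap(packets):
    """Serialize (ts_sec, ts_usec, frame) tuples into classic little-endian pcap bytes."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in packets:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def iter_pcap(data):
    """Yield (ts_sec, ts_usec, frame) from pcap bytes, honouring either byte order."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    off = 24  # skip the global header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated packet record")  # a cut-off capture, not silently ignored
        off += incl_len
        yield ts_sec, ts_usec, frame


def frame_metadata(frame):
    """Reduce one Ethernet frame to (src, dst, proto, sport, dport); None if not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return None
    proto = frame[23]
    src, dst = inet_ntoa(frame[26:30]), inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
    else:
        sport = dport = None  # ICMP and friends carry no ports
    return (src, dst, proto, sport, dport)


def summarize_flows(pcap_bytes, keep=None):
    """Aggregate packets into per-5-tuple flow records; keep(key) decides what is stored."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for _ts_sec, _ts_usec, frame in iter_pcap(pcap_bytes):
        key = frame_metadata(frame)
        if key is None or (keep is not None and not keep(key)):
            continue
        flows[key]["packets"] += 1
        flows[key]["bytes"] += len(frame)
    return dict(flows)


def sample_capture():
    """Constructed three-packet capture: two TLS-port packets and one mDNS packet."""
    return build_pcap([
        (1334267598, 0, build_frame("10.0.0.5", "192.0.2.10", 6, 40000, 443, b"GET / HTTP/1.1\r\n")),
        (1334267598, 500, build_frame("10.0.0.5", "192.0.2.10", 6, 40000, 443, b"x" * 100)),
        (1334267599, 0, build_frame("10.0.0.5", "224.0.0.251", 17, 5353, 5353, b"mdns")),
    ])


if __name__ == "__main__":
    pcap = sample_capture()
    print("all flows:", summarize_flows(pcap))
    only_tls = summarize_flows(pcap, keep=lambda k: k[2] == 6 and k[4] == 443)
    print("port-443 flows only:", only_tls)
```

The flow records are what the commercial boxes sell you as "metadata": a few dozen bytes per conversation instead of every payload byte, and a filter expressed in terms of those fields is far cheaper to store and search than raw dumps. In production the same keep predicate belongs in the BPF filter handed to tcpdump so the unwanted packets are never written to disk at all.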