On 01.08.2016 11:58, Ben Wiechman wrote:
> Does anyone have any experience with FastNetMon? (https://github.com/pavel-odintsov/fastnetmon) It seemed to potentially be a useful roll-your-own type of solution.
I like it. Works really well with sflow, and netmap (requires Intel NIC + port mirror) is even better. I found netflow generated more false positives in limited testing - that could just be timeout setting-related, but I know the author is not a big netflow fan. FNM doesn't have a lot of knobs to turn on its own - it can email alerts based on very generic thresholds, which has some value, but a bit of customization in ExaBGP and/or flowspec is required to do the cool stuff. IMO it's not a complete solution, but can be a very useful part of an overall plan, if you want to go the roll-your-own route.

--
Colin Baker
SupraNet Communications, Inc.
(608) 572-7634
colinb@supranet.net

This message is subject to the SupraNet Email Confidentiality Policy which is located at http://supranet.net/confidentiality