Joel M Snyder
Joel.Snyder at Opus1.COM
Thu Apr 12 16:53:18 CDT 2012
>Can you please comment on what is best solution for storing network
Well, "best" is kind of a hard word to use here. There are lots of
different solutions depending on exactly why and where you want to
As far as I know, there are really two credible companies who are
thrashing it out in this space right now, NetWitness (now part of RSA)
and Solera. I think that Niksun is still out there, but they haven't
done much recently or maybe they just concentrate on particular sectors
and so I never see them.
Of course, you can also just tcpdump it yourself, but the commercial
products do a lot of the metadata analysis and creation for you, so it's
a lot easier to understand what is happening in your traffic than just
having piles of tcpdumps.
I bought a NetWitness box and was profoundly unimpressed. So I guess my
advice would be to start with Solera and then look at NetWitness if you
don't like Solera.
This assumes you have budget. If this is a back-of-the-envelope "hey,
let's grab some packets and do something with them" kind of exercise,
then filter your tcpdumps a lot better.
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
jms at Opus1.COM http://www.opus1.com/jms
More information about the NANOG