Network Storage

Joel M Snyder Joel.Snyder at Opus1.COM
Thu Apr 12 21:53:18 UTC 2012


> Can you please comment on what is the best solution for storing network
> traffic.

Well, "best" is kind of a hard word to use here.  There are lots of 
different solutions depending on exactly why and where you want to 
capture this.

As far as I know, there are really two credible companies who are 
thrashing it out in this space right now, NetWitness (now part of RSA) 
and Solera.  I think that Niksun is still out there, but they haven't 
done much recently or maybe they just concentrate on particular sectors 
and so I never see them.

Of course, you can also just tcpdump it yourself, but the commercial 
products do a lot of the metadata analysis and creation for you, so it's 
a lot easier to understand what is happening in your traffic than just 
having piles of tcpdumps.

I bought a NetWitness box and was profoundly unimpressed.  So I guess my 
advice would be to start with Solera and then look at NetWitness if you 
don't like Solera.

This assumes you have budget.  If this is a back-of-the-envelope "hey, 
let's grab some packets and do something with them" kind of exercise, 
then filter your tcpdumps a lot better.

jms

-- 
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One       Phone: +1 520 324 0494
jms at Opus1.COM                http://www.opus1.com/jms



