Network Storage

John T. Yocum john.yocum at fluidhosting.com
Thu Apr 12 16:18:30 CDT 2012


In that case, just keep adding disks to you capture system, or use a NAS 
to do it.

--John

On 4/12/2012 2:16 PM, Maverick wrote:
> Thank you very much for your suggestions.
>
> 1) My goal is to store the traffic may be fore ever, and analyze it in
> the future for security related incidents detected by ids/ips.
>
> 2) I am storing just header and initial few bytes but still it gets
> filled up quite quickly.
>
> 3) Netflow approach is nice but I also want to have traces available
> for reasons mentioned in 1).
>
> 4) Are there any issues having an external storage as a solution for
> this problem.
>
> Best,
> Ali
>
> On Thu, Apr 12, 2012 at 5:06 PM, Michael J McCafferty
> <mike at m5computersecurity.com>  wrote:
>> Ali,
>>         Do you need to capture the whole packet, including the payload? You
>> will save a lot of space by just capturing the headers. For example,
>> tcpdump doesn't capture the whole packet by default anyway. You may not
>> be able to capture at line rate anyway depending on what you are using
>> to capture with (drivers, libraries, software, etc). See the -s option
>> in tcpdump man page for info.
>>
>> Good luck,
>> Mike
>>
>> On Thu, 2012-04-12 at 16:25 -0400, Maverick wrote:
>>> Hello Everyone,
>>>
>>> Can you please comment on what is best solution for storing network
>>> traffic. We have been graciously granted access by our network
>>> administrator to capture traffic but the one Tera byte disk space is
>>> no match with the data that we are seeing, so it fills up quickly. We
>>> can't get additional space on the server itself so I am looking for
>>> some external solutions. Can you please suggest something that would
>>> be best for Gbps speeds .
>>>
>>>
>>> Best,
>>> Ali
>>>
>>
>> --
>> ************************************************************
>> Michael J. McCafferty
>> CEO
>> M5 Hosting
>> http://www.m5hosting.com
>>
>> Like us on Facebook for updates and photos:
>> https://www.facebook.com/m5hosting
>> ************************************************************
>>
>



More information about the NANOG mailing list