Geek Speak

Deep Analysis of NetFlow and Syslog Data

Lately I've had cause to look into methods for doing a deeper analysis of NetFlow and syslog data. While reports and graphs are good, sometimes you need a more exhaustive search than traditional methods allow. For instance, what if you suspected you were being attacked from within via some obscure protocol? Now assume that you need to search multiple databases across several months. Being able to conduct a search for both syslog messages and NetFlow data associated with that port and/or any suspected hosts would be really helpful.

There are a couple of products out there that sort of provide "Google like" searches and indexing of this type of data. Lately I've been thinking about this as an add-on or feature of Orion. 
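The kind of cross-source search described above, as an added example that is not part of the original post or of any SolarWinds product: a small Python inverted index over syslog lines and NetFlow-style records, queried by suspected host and port within a time window, so one query returns hits from both data sets. The sample log lines, the flattened NetFlow CSV layout, the addresses, and the assumed syslog year (2009, since BSD syslog timestamps carry none) are all constructed for this example.

```python
"""Correlated search over syslog and NetFlow records by host and port.

Added example. Nothing here is from the original post or any product; the
data formats and sample records are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (BSD/RFC 3164 style: no year in the timestamp).
SYSLOG_LINES = [
    "Mar 12 02:14:07 fw01 kernel: DROP IN=eth1 SRC=10.1.4.22 DST=10.1.9.5 PROTO=TCP SPT=51622 DPT=6667",
    "Mar 12 02:14:09 fw01 kernel: ACCEPT IN=eth1 SRC=10.1.4.22 DST=10.1.9.5 PROTO=TCP SPT=51623 DPT=6667",
    "Mar 12 02:15:30 srv09 sshd[4411]: Accepted publickey for ops from 10.1.2.7 port 50122 ssh2",
    "Jun 03 23:41:55 fw01 kernel: ACCEPT IN=eth1 SRC=10.1.4.22 DST=203.0.113.9 PROTO=TCP SPT=40110 DPT=6667",
]

# Constructed NetFlow-style records flattened to CSV:
# start_time,src_addr,dst_addr,proto,src_port,dst_port,bytes
NETFLOW_CSV = """\
2009-03-12T02:14:07,10.1.4.22,10.1.9.5,6,51622,6667,4120
2009-03-12T02:14:09,10.1.4.22,10.1.9.5,6,51623,6667,90211
2009-03-12T02:20:00,10.1.2.7,10.1.9.5,6,50122,22,7780
2009-06-03T23:41:55,10.1.4.22,203.0.113.9,6,40110,6667,1550233
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Port fields in the constructed syslog formats: "SPT=51622", "DPT=6667", "port 50122".
PORT_RE = re.compile(r"\b(?:SPT|DPT|port)[= ](\d+)")


class FlowLogIndex:
    """Inverted index mapping host -> record ids and port -> record ids."""

    def __init__(self):
        self.records = []                 # {"ts": datetime, "source": str, "text": str}
        self.by_host = defaultdict(set)
        self.by_port = defaultdict(set)

    def _add(self, ts, source, hosts, ports, text):
        rid = len(self.records)
        self.records.append({"ts": ts, "source": source, "text": text})
        for h in hosts:
            self.by_host[h].add(rid)
        for p in ports:
            self.by_port[p].add(rid)

    def add_syslog(self, lines, year):
        """Index syslog lines; the year is assumed because the timestamp lacks one."""
        for line in lines:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            hosts = set(IP_RE.findall(line))
            ports = {int(p) for p in PORT_RE.findall(line)}
            self._add(ts, "syslog", hosts, ports, line)

    def add_netflow_csv(self, csv_text):
        """Index flattened flow records; both endpoints and both ports are keyed."""
        for row in csv_text.strip().splitlines():
            start, src, dst, _proto, sport, dport, _nbytes = row.split(",")
            self._add(datetime.fromisoformat(start), "netflow",
                      {src, dst}, {int(sport), int(dport)}, row)

    def search(self, hosts=(), ports=(), start=None, end=None):
        """Return records touching any given host AND any given port, within [start, end].

        start/end are ISO 8601 strings; either may be omitted. With no hosts
        and no ports, every record in the window is returned.
        """
        candidates = None
        if hosts:
            candidates = set().union(*(self.by_host[h] for h in hosts))
        if ports:
            port_hits = set().union(*(self.by_port[p] for p in ports))
            candidates = port_hits if candidates is None else candidates & port_hits
        if candidates is None:
            candidates = set(range(len(self.records)))
        hits = [self.records[i] for i in candidates]
        if start:
            hits = [r for r in hits if r["ts"] >= datetime.fromisoformat(start)]
        if end:
            hits = [r for r in hits if r["ts"] <= datetime.fromisoformat(end)]
        return sorted(hits, key=lambda r: r["ts"])


def build_index():
    idx = FlowLogIndex()
    idx.add_syslog(SYSLOG_LINES, year=2009)   # assumed year for the constructed data
    idx.add_netflow_csv(NETFLOW_CSV)
    return idx


if __name__ == "__main__":
    # Suspected internal host talking on an unusual port, searched across months.
    for r in build_index().search(hosts={"10.1.4.22"}, ports={6667}):
        print(r["ts"].isoformat(), r["source"], r["text"])
```

The point of keying flow records on both endpoints and both ports is that a query for "this host on this port" returns the same event from two independent sources (the firewall's syslog and the exported flow), which is what makes a multi-month hunt for an obscure protocol tractable without re-scanning every database each time.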

If you've got an opinion on this, I'd love to hear it...

Josh 

About Josh Stephens

Josh Stephens is a Vice President – and Head Geek – at SolarWinds, where he plays an integral part in the development and delivery of our award-winning network management products. Josh has extensive experience in network management systems, network engineering, and software development. His 15-plus years of experience in technology include designing and deploying advanced networks and network management systems within organizations including the US Air Force, Sprint, MCI/UUNET, and Wal-Mart. He has received several industry certifications including those from Cisco Systems, Microsoft, and HP.