On 01.08.2016 11:58, Ben Wiechman wrote:
>
> Does anyone have any experience with FastNetMon?
> (https://github.com/pavel-odintsov/fastnetmon [5]) It seemed to
> potentially be a useful roll your own type of solution.
>

I like it. Works really well with sflow, and netmap (requires Intel NIC + port mirror) is even better. I found netflow generated more false positives in limited testing - that could just be timeout setting-related, but I know the author is not a big netflow fan.

FNM doesn't have a lot of knobs to turn on its own - it can email alerts based on very generic thresholds, which has some value, but a bit of customization in ExaBGP and/or flowspec is required to do the cool stuff. IMO it's not a complete solution, but can be a very useful part of an overall plan, if you want to go the roll-your-own route.

--
Colin Baker
SupraNet Communications, Inc.
(608) 572-7634

This message is subject to the SupraNet Email Confidentiality Policy which is located at http://supranet.net/confidentiality