[ARGUS] PAPER: Building a Better Netflow
eric
eric at catastrophe.net
Wed Aug 4 15:59:08 EDT 2004
On Wed, 2004-08-04 at 12:56:14 -0700, Peter Van Epp proclaimed...
> Hmmm, someone modifying their hammer to pound screws in more
> efficiently rather than buying a screwdriver. The correct answer here is to
> leave the router to route and install a network tap and something appropriate
> (argus, netramet, Coral Reef (nee OCXmon), undoubtably more) to monitor the
> network traffic while not interfering (or being able to interfere in the case
> of a fault) with the operation of the network. Then you don't have to trade off
> operation of the network for data collection (on the assumption that a network
> that is operating but not collecting data is more useful than one collecting
> all the data but not operating ...).
You're preaching to the choir, Brother! Amen!
Seriously though, I'm in full agreement with you. It also makes for
a nice division of infosecurity and networking staff if you have the
luxury of having both operational units.
- Eric