more is more (ideas from NSPs)
I poked NSP incident response people about what they need on a
day-to-day basis and got the following input:
> > > sho ip cache flow | incl freetext
> > > sho ip cache verbose flow
Which got me thinking about IPFIX, but
> > how important is local (on-the-box) analysis ("flow | grep foo")
> > vs. getting the same data after export to a collection device ?
> Sometimes one is away from the fancy systems and one has to ssh into the
> rtr from some airport and determine what is going on. On-the-box is very
> important for immediate mitigation.
Which leads to reqs for
- interactive login+CLI (dropped earlier/morphed into scripting requirement)
- display of flow data locally (but what data ?)
- ability to search flow data on the box ("support grep" ?)
> > MRTG|RRD graphs
- Which implies ability to collect data (what data, how collected).
---George
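As an added illustration of the on-box "flow | grep foo" requirement discussed in the thread above (this is not part of George's message or of any router vendor's software), the following Python sketch parses a few constructed flow-cache lines, filters them with a free-text pattern the way a responder at an airport ssh session would, and then sums the matching flows by destination so the host under pressure stands out. The column layout is loosely modelled on a NetFlow cache table but is an assumption, not any vendor's exact `show ip cache flow` format, and the sample records are constructed.

```python
import re
from collections import Counter, namedtuple

# Constructed sample, loosely modelled on a NetFlow cache table.
# Columns: src interface, src IP, dst interface, dst IP, protocol (hex),
# src port (hex), dst port (hex), packet count. Not real router output
# and not any vendor's exact format; values are documentation-range addresses.
SAMPLE_FLOW_CACHE = """\
SrcIf   SrcIPaddress    DstIf   DstIPaddress    Pr SrcP DstP  Pkts
Gi0/1   192.0.2.10      Gi0/2   198.51.100.5    06 1A0B 0050  120
Gi0/1   192.0.2.11      Gi0/2   198.51.100.5    06 1A0C 0050  98
Gi0/1   192.0.2.12      Gi0/2   198.51.100.5    11 0035 0035  3
Gi0/3   203.0.113.7     Gi0/2   198.51.100.9    06 C001 01BB  40
Gi0/3   203.0.113.8     Gi0/2   198.51.100.9    01 0000 0800  7
"""

Flow = namedtuple("Flow", "src_if src_ip dst_if dst_ip proto src_port dst_port pkts")


def parse_flow_cache(text):
    """Turn the constructed table into Flow records, skipping the header line."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[0] == "SrcIf":
            continue
        src_if, src_ip, dst_if, dst_ip, proto, sp, dp, pkts = parts
        # Protocol and ports are hex in the sample; packets are decimal.
        flows.append(Flow(src_if, src_ip, dst_if, dst_ip,
                          int(proto, 16), int(sp, 16), int(dp, 16), int(pkts)))
    return flows


def render(f):
    """One-line, decimal rendering of a flow: this is what the grep runs over."""
    return (f"{f.src_if} {f.src_ip} {f.dst_if} {f.dst_ip} "
            f"{f.proto} {f.src_port} {f.dst_port} {f.pkts}")


def grep_flows(flows, pattern):
    """The 'flow | grep foo' step: keep flows whose rendered line matches a regex."""
    rx = re.compile(pattern)
    return [f for f in flows if rx.search(render(f))]


def top_destinations(flows, n=3):
    """Aggregate flows by destination IP, summing packets, for quick triage."""
    totals = Counter()
    for f in flows:
        totals[f.dst_ip] += f.pkts
    return totals.most_common(n)


if __name__ == "__main__":
    flows = parse_flow_cache(SAMPLE_FLOW_CACHE)
    # Free-text search, as a responder would type it on the box.
    for f in grep_flows(flows, r" 80 "):
        print(render(f))
    # Who is being hit hardest, by packet count.
    print(top_destinations(flows))
```

The point of keeping `render()` separate from the parsed record is that the same regex can be applied to whatever the box prints, while the parsed fields still allow the structured aggregation that a remote collector would otherwise provide.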