Network Monitoring Tools

Today I’ve been watching an AlienVault webinar about how to use their product, and caught a glimpse of Nagios and the Paessler NetFlow simulator.  For years I’ve worked to build systems with adequate monitoring to provide either early warning of imminent problems or sufficient forensic evidence to aid in incident response.  My earliest tools were MRTG and SolarWinds Orion Network Performance Monitoring.

MRTG required a lot of manual configuration to get information into a useful form.  Orion was simple to use, but expensive.

I wonder if Nagios would be a good middle ground?  This needs to be checked out!

As an aside, NetFlow information can be quite useful in defining what normal conversations are. Setting up a router or firewall to provide NetFlow information is not hard, but experimenting with collectors to find a good tool for analyzing the information is tougher.  Using the Paessler NetFlow Generator to generate some NetFlow data might help this considerably.
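
To make "defining what normal conversations are" concrete, here is an added example (not from the original post or from any of the tools named) that parses NetFlow export datagrams, builds a baseline of conversations, and reports flows that fall outside it. It assumes NetFlow version 5, which the post does not specify; the function names are hypothetical and the sample flows are constructed.

```python
import socket
import struct

# NetFlow v5 layout (assumed export version; the post does not name one).
HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte flow record

def parse_v5(datagram):
    """Yield (src, dst, proto, dst_port, octets) for each flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[0]=src, f[1]=dst, f[6]=octets, f[10]=dst port, f[12]=IP protocol
        yield (socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), f[12], f[10], f[6])

def conversations(datagrams):
    """Collapse flows into (src, dst, proto, dst_port) keys.
    The ephemeral source port is left out so repeat connections match."""
    return {flow[:4] for d in datagrams for flow in parse_v5(d)}

def new_conversations(baseline, datagrams):
    """Return flows whose conversation key is not in the baseline."""
    return [f for d in datagrams for f in parse_v5(d) if f[:4] not in baseline]

def build_v5(flows):
    """Pack constructed (src, dst, proto, sport, dport, octets) flows as v5."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, proto, sport, dport, octets in flows:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                           socket.inet_aton("0.0.0.0"), 0, 0, 1, octets, 0, 0,
                           sport, dport, 0, proto, 0, 0, 0, 0, 0)
    return out

# Constructed sample datagrams (private and documentation addresses).
BASELINE_DAY = build_v5([("10.0.0.5", "10.0.0.10", 6, 50123, 443, 8200),
                         ("10.0.0.5", "10.0.0.53", 17, 40000, 53, 120)])
TODAY = build_v5([("10.0.0.5", "10.0.0.10", 6, 50999, 443, 9100),     # known
                  ("10.0.0.5", "192.0.2.44", 6, 51000, 22, 640000)])  # new

if __name__ == "__main__":
    known = conversations([BASELINE_DAY])
    for src, dst, proto, port, octets in new_conversations(known, [TODAY]):
        print(f"new: {src} -> {dst} proto {proto} port {port} ({octets} bytes)")
```

Keying on the destination port only is a simplification: return traffic from a server appears as a flow toward an ephemeral port, so a real baseline would normalise direction first.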