Although SNMP monitoring looks easier, it lacks resolution at the IP address and TCP/UDP port level. Also, if the amount of requested MIB entries is big, it can generate high usage loads on the CPU in the monitored devices. On the. . .
Although SNMP monitoring looks easier, it lacks resolution at the IP address and TCP/UDP port level. Also, if the amount of requested MIB entries is big, it can generate high usage loads on the CPU in the monitored devices. On the other hand, flow-based accounting, standardized on Cisco's NetFlow data export format, allows a great degree of flexibility and fine granularity, while having low CPU levels on network devices.

What makes flow-based accounting more attractive is that data can be obtained not only from many vendors' switches and routers, but also from Linux and other UNIX routers by using ntop's NetFlow export plugin. With this method, you don't even need a router to collect and report your network traffic information.

The link for this article located at LinuxJournal is no longer available.