on 19 August 2010
This book is an easy guide to the world of netflow logging and analysis. The content ranges from basic configuration of flow logging and easy customer-friendly graphing methods to detailed custom reporting features in the software presented.
While this book does not cover each and every netflow tool available, it has a complete walk-through allowing you to get started and immediately produce important information for decision makers and troubleshooting.
This book also covers some details that a lot of beginning network people haven't noticed yet, but which are critical for doing netflow analysis: things like ICMP types and codes, and defining what a flow is. Michael also presents filtering, and does so while showing you how to build filters from simple primitives into fully working and usable examples that you can reuse in production.
The chapters about reporting show both textual representations, hard numbers, and nice graphing tools - suitable for management and others not needing the same level of detail. While showing reporting he not only shows the reference (which options are available), but also interprets the sample reports.
The book finishes strong by listing common use cases for netflow analysis, and if you reach this level in your own network you will have improved things a lot.
The focus in this book is on making use of data available from network devices, and thus the network administrator is the one doing the actual work. If you are a decision maker, you should buy this book for your network guy and benefit from the awesome output he will generate.
You will need a bit of effort if you are not skilled in running tools from the command line, and setting up the tools can seem hard. Fortunately, Michael Lucas has already selected a fine list of tools and explained how to install them.
The strategy of the book is to get you up and running with netflow easily, which really works. Then later, when you have seen the benefit from netflow, you can dig deeper and deeper into reporting and advanced filtering of the data collected.
To summarize the Good stuff:
Short - this book is easy to read and short
Practical - if you follow the strategy and layout you will get going quickly
Very advanced and complete - given the length of the book it really has a lot of links and references
The Bad stuff about this book:
The subject of netflow is hard to ease into, and there are some great tools not described. If possible, I would enjoy a follow-up book that would connect netflow, intrusion detection, syslogging and monitoring with the same detail - using some selected tools.
This book is mandatory reading for network people, even if they already use netflow. There are sure to be tips and hints that you will enjoy. I read this book in a few days, but I will use the knowledge gained for years to come.
on 13 December 2011
This is a very good manual: follow the guidance (with the usual caveats of updates, patches, and general Linux fiddling - unavoidable when a book can't be constantly updated) and you will end up with an excellent Network Flow Analyser. My only criticism is that, having followed the book so far, I find that the applications and examples given for visual representation don't meet my rather picky standards for pictorial quality, so I've had to learn Python & matplotlib to be able to represent the massive amount of data that has suddenly become available to process!
Put it this way, I have both the Kindle and the paper version of this, and it is immensely useful!