Direct Sniffing or Netflow
by Ron Gula on February 19, 2007
When deploying the Log Correlation Engine (LCE), Tenable's support group is often asked which is better for network monitoring: using netflow from a router or performing some sort of direct network monitoring. This blog entry will help users choose a strategy and discusses some of the associated technical and political aspects.
Netflow and Direct Sniffing