2 of 2 people found this helpful
Netflow is a protocol designed to be used at the routing layer, so you can tell the source IP, destination IP, port and protocol. For example, it would tell you the server they talked to and if it was on 80 or 443 or something else, and how much traffic they moved but not the specific web pages they loaded. Sometimes the DNS names of web servers make it obvious what content they host but many of them are pretty hard to pin down.
Loop1 Systems: SolarWinds Training and Professional Services
1 of 1 people found this helpful
NetFlow is not an ideal data source for web usage tracking. Good post below which explains some of the reasons behind this. There are exceptions like IPFIX but you may not have this technology available.
A better option may be to use packet capture as a data source. You would just need to SPAN/mirror your Internet gateway. There are a few tools out there that can use this data source and extract the user\web metadata from the network packets. Our LANGuardian product is an example of this and you can integrate it with your SolarWinds infrastructure as you can see in the video below. We also have an online demo here if you want to test it out
Great answer! and solutions!
Netflow gives you a basic idea what protocols are being accessed and what the destination and start IP addresses are so you can speak to the users and find out what it is they are doing, or examine their PC to find out what application is accessing the internet. It is a great tool to complement a web proxy from a network point of view rather than a user enforcement point of view. I don't think Netflow was ever meant to manage users.
Are you are looking to know what pages customers visit on your companies web site look into the logs on the web server.
You would get that info better from your firewall or proxy server.
NTA would just show a lot of web traffic between your user IP address and the firewall/proxy server IP address
you can see the conversations on the user port, but webpages and DNS names may not be as useful as you may hope.