Analytics On-Premise - SYSLOG or IPFIX? What is best?

SEBASTIAN

Hi!

Analytics - SYSLOG or IPFIX?

Is one of them better? What is the difference to have one or the other?

Mr_Klaatu

https://www.plixer.com/blog/syslogd/

Hello Sebastian, above is a link that describes the difference between Syslog and IPFIX with a special reference to SonicWall, from Plixer

SEBASTIAN

Hi @Mr_Klaatu

Thanks for the article. Very useful.

preston

@SEBASTIAN , I would ask your SonicWall SE as there is a table with the side by side differences on, in my experience the Syslog gives you more options if you want to report on users activities and you can create custom reports. even though it is not live like the IPFiX it is only a couple of minutes out usually, depending on the sever resources and the amount of Syslogs being sent to it to process.

SEBASTIAN

It would be great if Sonicwall writes a KB that contains this information.

We know IPFIX and SYSLOG licenses exist, but, what is the difference between them?

I remember user and VPN traffic is not available from one of them.

Anyway, Sonicwall, please, is a KB possible?

Mr_Klaatu

@SEBASTIAN Our KB's are more focused on specific configuration/troubleshooting scenarios and may not have theoretical overview of the feature/technology, however we have the documentation for what you are looking in the form of getting started guides with respect to our Analytics product. Here is a link to the getting started guide with the information that you are looking for:-

https://www.sonicwall.com/techdocs/pdf/on-premises-analytics-getting-started-guide.pdf

• Page 4/43 discusses the general differences between Syslog vs IPFIX based reporting
• Page 20/43 'Overview of Syslog-Based Analytics' discusses the possible reporting features when using Syslog
• Page 25/43 'Overview of IPFIX-Based Analytics' discusses the possible reporting features when using IPFIX