Colasoft Capsa is a network performance monitoring and protocol analyzing tool. Capsa provides core monitoring features, as well as automated diagnostics and packet decoding. Colasoft offers a limited free version of the software.
Capsa is highly recommended to be used in small dense areas of a network where it makes sense to be able to run analytics off of a mirror port to gain insight into traffic trends. It is a costly product to install in branch locations, and requires a decent spec hardware to run appropriately
I would recommend all system administrators use some form of network monitoring if they are not already doing so, and I'd definitely recommend people consider OpenNMS if they're shopping around. Small businesses will benefit from the low-cost of entry (it's free!), whilst getting all the enterprise features. Larger businesses can benefit from paid support plans.
However, there's no getting around the fact that you will require some advanced networking and sysadmin knowledge to get the most out of OpenNMS, or at least, be prepared for a steep learning curve. If you don't have the resources to devote this time initially, you may struggle.
I haven't quite figured out how to make topologies work yet, but I haven't spent a ton of time on it either.
We've also had a bit of trouble importing some MIBs, but that usually boiled down to working with the vendor to make sure we had the right MIBs and dependencies.
Colasoft performs more like the traditional wireshark as opposed to other solutions that tend to focus on graphs instead of giving you the raw data. I personally prefer the raw data, and then the ability to build graphs upon this (which Capsa can do). This allows for quicker analysis and makes it easier to relate to.
OpenNMS's more attractive GUI and its price break were the main reasons our company chose to explore and use this product. However, it never managed to actually replace Nagios which had a much more established hold within the company. Perhaps we were over-monitoring, but our company claimed a $100k loss per hour of downtime.
While the product doesn't detect malware, it has helped track down malware infected machines by using data from other applications to run filters to look for known traffic destinations for that malware. For me this is a huge ROI since malware can be the great unknown.
Initial adoption required quite a lot of resources and time to get everything right. Totally worth it for us; just be prepared for a gradual process that will get better and better with time.
Once setup and running smoothly, it provides us with all the reporting we could hope for, at near zero cost.
With OpenNMS, we're able to offer a much more reliable service to our customers, and spend a lot less time dealing with issues.
