Data Sources Beginner
Understanding your data sources is the foundation of network analytics. Each source provides different types of data at different granularities. This lesson covers the major network data sources and how to collect from them effectively.
SNMP (Simple Network Management Protocol)
SNMP is the oldest and most widely supported network data source. It provides device-level metrics through MIB (Management Information Base) objects.
- Polling — Regularly query devices for counter values (GET, WALK operations)
- Traps — Devices push event notifications when thresholds are crossed
- Key MIBs — IF-MIB (interfaces), HOST-RESOURCES (CPU/memory), ENTITY-MIB (hardware)
Syslog
Syslog carries event-driven log messages from network devices. It is essential for capturing state changes, errors, and security events.
NetFlow / IPFIX
NetFlow and IPFIX provide flow-level traffic data exported by routers and switches. Each flow record describes a conversation between two endpoints.
| Field | Description | Analytics Value |
|---|---|---|
| Source/Dest IP | Endpoints of the conversation | Top talkers, communication patterns |
| Source/Dest Port | Application identification | Application usage analytics |
| Bytes/Packets | Volume of the flow | Bandwidth consumption analysis |
| Start/End Time | Duration of the conversation | Session analysis, anomaly detection |
| Protocol | TCP, UDP, ICMP, etc. | Protocol distribution analysis |
Streaming Telemetry
Streaming telemetry is the modern alternative to SNMP polling. Devices push metrics in real time using model-driven approaches (YANG models, gNMI/gRPC transport). Benefits include sub-second granularity, structured data, and lower device overhead.
REST APIs
SDN controllers, cloud platforms, and network management systems expose data via REST APIs. Use these for configuration state, topology information, and platform-specific analytics.
Next Step
Learn how to analyze network flows to identify top talkers, detect anomalies, and understand application behavior.
Lilly Tech Systems