NetFlow

NetFlow is used to collect traffic flow statistics from routers. This information is helpful for performing traffic engineering and monitoring for denial of service (DoS) attacks. The Netflow Management Information Base (MIB) feature allows system information stored in the flow cache, such as IP flow information, to be accessed in real time.
Syslog is the standard for logging system events. You can configure Cisco routers to forward log messages to an external syslog service. This service can reside on any number of servers, including Microsoft Windows and UNIX-based systems, or the Cisco Security MARS appliance. Syslog is the most popular message logging facility, because this facility provides long-term log storage capabilities and a central location for all router messages. Syslog logging is not used to obtain IP flow information stored in the flow cache of a Cisco router.
Certain router events can be processed by the router's SNMP agent and forwarded as SNMP traps to an external SNMP server. SNMP traps are a viable security logging facility, but require the configuration and maintenance of an SNMP system. SNMP traps are not used to obtain IP flow information stored in the flow cache of a Cisco router.
NetFlow is an accounting tool used to analyze traffic patterns in a network. NetFlow provides details about network traffic, and it can be used to capture the traffic classification or precedence associated with each flow. You can export NetFlow data to a server in which NetFlow Analyzer is running. NetFlow exports are used to export statistics from the NetFlow main cache of the router. They are not used for local retrieval of information from the cache.

---