System for monitoring and managing datacenters

The invention claimed is: 1. A system within a datacenter, comprising: two or more sensors configured to: capture a packet; describe the packet in a packet log; send the packet log to a collector; the collector being configured to: receive the packet logs from the two or more sensors; determine that the packet logs describe a connection between two endpoints in a datacenter; describe the connection in a flow log; and an analytics module configured to: determine a status of the datacenter, using any connections in the flow log; detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and modify, in response to the detected attack, a security policy of the datacenter. 2. The system of claim 1 , wherein one of the two or more sensors is installed on a hypervisor. 3. The system of claim 2 , wherein one of the two or more sensors is installed on a virtual machine. 4. The system of claim 1 , wherein one of the two or more sensors is installed on a switch. 5. The system of claim 1 , wherein access to the datacenter is limited by a firewall. 6. The system of claim 1 , wherein the analytics module is further configured to: present a report describing flows in the datacenter. 7. A method executed within a datacenter, comprising: receiving, a first packet log from a first sensor and a second packet log from a second sensor, the first packet log and the second packet log describing packets that are captured by the respective sensors; determining that the first packet log and the second packet log describes a connection between two endpoints in a datacenter; describing any connections within the first packet log and the second packet log in a flow log; and sending the flow log to an analytics module determining a status of the datacenter, using any connections in the flow log; detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and modify, in response to the detected attack, a security policy of the datacenter. 8. The method of claim 7 , wherein the first sensor is installed on a hypervisor. 9. The method of claim 8 , wherein access to the datacenter is limited by a firewall. 10. The method of claim 7 , wherein the first sensor is installed on a switch. 11. The method of claim 7 , wherein the first sensor is installed on a virtual machine. 12. A non-transitory computer-readable medium having computer readable instructions stored thereon that, when executed by a processor of a computer, cause the computer to: receive, from a collector, a flow log describing a connection between two endpoints in a datacenter; and determine a status of a datacenter, using the flow log, using any connections in the flow log; detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and modify, in response to the detected attack, a security policy of the datacenter. 13. The non-transitory computer-readable medium of claim 12 , wherein the instructions further cause the computer to: present a report describing flows in the datacenter. 14. The non-transitory computer-readable medium of claim 12 , wherein the instructions further cause the computer to: configure a sensor to send a packet log to the collector.