[Bro] Bro and NetFlow

Andrew Feren acferen at yahoo.com
Thu Oct 9 15:07:30 PDT 2008

I built 1.4.prerelease.12 the other day to play around with several 
parts of Bro including the NetFlow policies.  I'm having good luck with 
the rest of my investigations, but I can't seem to get Bro to react to 
the NetFlow that is coming in.

I get a netflow.log file, but nothing ever gets logged.

NetFlow Version is 5.

I read through the policies and .pac files and I don't see a problem, 
but I'm new to Bro and there is a lot to sort through.

Any thoughts on where I should start?


