[Bro] Bro vs NetFlow
seth at icir.org
Tue Oct 8 06:40:36 PDT 2013
On Oct 8, 2013, at 9:26 AM, "Swan, Jay" <jswan at sugf.com> wrote:
> I probably screwed up by titling the thread Bro *versus* NetFlow... I was mainly curious if anyone had managed to do away with NetFlow analysis through pervasive use of Bro. I didn't think that would likely be the case.
I've been meaning to write some scripts for Bro to start doing netflow logging and analysis for a long time but I still haven't done it.
> I don't think I could get all the performance-related data I want just from Bro, at least at my current level of expertise. Forensically, I think Bro has almost everything I want, but putting sensors at every tiny location we have is logistically infeasible
Yep, I think this is the major win with netflow. Its pervasive deployment certainly has a lot of benefits.
> Hence, we're looking for a new (probably commercial) NetFlow product.
Yeah, Bro is definitely not in a position right now to fill that need for you.
International Computer Science Institute
(Bro) because everyone has a network