[Bro] Netflow and bro

Johanna Amann johanna at icir.org
Tue Oct 10 10:08:32 PDT 2017


> Is there a decoder for Netflow, such that one could use bro to collect and
> log Netflow packets seen by a hardware tap, from multiple sources, in a
> similar fashion to how Bro handles syslog?

while there was support for this in the past, it was removed a while ago
(I think the last version supporting this was 1.5, and even then it was
not well tested and there were not scripts for it as far as I know).

So - sadly the answer here is no.


> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list