[Bro] Bro and NetFlow
Bernhard Ager
ager at net.in.tum.de
Fri Oct 10 03:08:31 PDT 2008
On Thu, Oct 09, 2008 at 06:07:30PM -0400, Andrew Feren wrote:
> I built 1.4.prerelease.12 the other day to play around with several
> parts of Bro including the NetFlow policies. I'm having good luck with
> the rest of my investigations, but I can't seem to get Bro to react to
> the NetFlow that is coming in.
>
> I get a netflow.log file, but nothing ever gets logged.
I assume you are trying to extract NetFlow data from a dumped trace or
by sniffing on a network device. However, the Bro NetFlow support is an
IO source, which either listens for incoming flows on a UDP socket or
reads flows from a file. You can find the details in the current CHANGES
file <http://svn.icir.org/bro/trunk/bro/CHANGES>. In particular, read the
subsection about "auxiliary programs" in case you want to use files as
input.
Regards,
Bernhard
--
Technische Universität Berlin
An-Institut Deutsche Telekom Laboratories
FG INET, Research Group Anja Feldmann
Sekr. TEL 4
Ernst-Reuter-Platz 7
D-10587 Berlin