[Bro] Netflow ingest with Bro?

Robert Rotsted rotsted at reservoir.com
Wed Dec 10 10:37:30 PST 2014


Hi all,

Is anyone using Bro's Netflow ingest capabilities? If so, what is the
output? Does Bro generate TCP and UDP events? Does it create a "conn"
log?

Some context from the Bro 1.4 release notes
(https://www.bro.org/sphinx/install/changes.html?highlight=netflow):

Bro now supports analyzing NetFlow v5 data, i.e., from Cisco routers
(Bernhard Ager).  NetFlow can be useful for intrusion detection as it
allows analysis of traffic from many different points in the network.
Bro can now read NetFlow data from a UDP socket, as well as (mostly
for debugging purposes) from a file in a specialized format.  You can
create these files with the programs given in aux/nftools.

Best,

Bob

-- 
Bob Rotsted
Senior Engineer
Reservoir Labs, Inc.
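As an added example, not part of the original post and not Bro's own code, here is a small decoder for the NetFlow v5 datagram format the release note refers to; it shows which per-flow fields an export carries (keyed with conn.log-style column names for comparison) and that v5 records are unidirectional, so one record gives only the exporting side's counters. The sample datagram is constructed inline.

```python
import socket
import struct

# NetFlow v5 wire format, big-endian: 24-byte header followed by 48-byte records.
HDR = struct.Struct(">HHIIIIBBH")  # version, count, uptime, secs, nsecs, seq, engine, id, sampling
REC = struct.Struct(">4s4s4sHHIIIIHHBBBBHHBBH")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_netflow_v5(datagram: bytes) -> list:
    """Decode one export datagram into dicts keyed like Bro conn.log columns."""
    if len(datagram) < HDR.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, _uptime, unix_secs, _nsecs, _seq, _et, _eid, _sampl = HDR.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram (version %d)" % version)
    if len(datagram) < HDR.size + count * REC.size:
        raise ValueError("header claims %d records but datagram is truncated" % count)
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _ifin, _ifout, pkts, octets, first, last, sport, dport,
         _pad1, tcp_flags, proto, _tos, _sas, _das, _smask, _dmask, _pad2) = \
            REC.unpack_from(datagram, HDR.size + i * REC.size)
        flows.append({
            "ts": unix_secs,
            "id.orig_h": socket.inet_ntoa(src), "id.orig_p": sport,
            "id.resp_h": socket.inet_ntoa(dst), "id.resp_p": dport,
            "proto": PROTO_NAMES.get(proto, str(proto)),
            # v5 records are unidirectional: only the exporting side's counters exist.
            "orig_pkts": pkts, "orig_bytes": octets,
            "duration": (last - first) / 1000.0,  # first/last are SysUptime milliseconds
            "tcp_flags": tcp_flags,
        })
    return flows


def sample_datagram() -> bytes:
    """Constructed test input: one TCP flow 10.0.0.5:44321 -> 192.0.2.10:443."""
    header = HDR.pack(5, 1, 200000, 1418234250, 0, 7, 0, 0, 0)
    record = REC.pack(socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"),
                      b"\x00\x00\x00\x00", 1, 2, 12, 3400, 190000, 190500,
                      44321, 443, 0, 0x1b, 6, 0, 0, 0, 24, 24, 0)
    return header + record


if __name__ == "__main__":
    for flow in parse_netflow_v5(sample_datagram()):
        print(flow)
```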


