[Bro] Netflow ingest with Bro?

Robert Rotsted rotsted at reservoir.com
Wed Dec 10 13:29:01 PST 2014


Good to know. Thanks for the quick reply Robin!

On Wed, Dec 10, 2014 at 11:45 AM, Robin Sommer <robin at icir.org> wrote:
>
>
> On Wed, Dec 10, 2014 at 10:37 -0800, Robert Rotsted wrote:
>
>> Is anyone using Bro's Netflow ingest capabilities? If so, what is the
>> output? Does Bro generate TCP and UDP events? Does it create a "conn"
>> log?
>
> Two netflow events:
>
>     event netflow_v5_header(h: nf_v5_header);
>     event netflow_v5_record(r: nf_v5_record);
>
> I don't think we ever had a standard script doing something further
> with these.
>
> Note, the Netflow support has been removed in current git master along
> with some of the restructuring, as it was neither much used nor tested
> at all. But it's not inconceivable to bring it back before the next
> release if there's demand for it.
>
> Robin
>
> --
> Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin



-- 
Bob Rotsted
Senior Engineer
Reservoir Labs, Inc.
503-225-0583 x138


