[Zeek] Mirror the first N packets of a flow to Zeek

thushjandan.ponnudurai at id.unibe.ch
Mon Feb 11 01:13:04 PST 2019


Hi guys,

I am considering evaluating Zeek for my organization. To reduce the data
that could accumulate if we start mirroring the traffic, my team is considering
not mirroring the full traffic. To achieve this goal, we have found a very
interesting feature on our Extreme Networks K- and S-Series switches. They
are able to mirror the first few packets of a flow. It is possible to adjust
this value, for example to the first 15 packets of a flow.

Can Zeek also work well with the first 15 packets of a flow?
Best regards,

Thushjandan
