Bro's evolutions

Hello All,

Several things:

While I just sent a mail to Vern last week asking about the
availability of the svn repository, I too agree with Christian,
this access can bring its batch of problems so ...

Another subject we spoke about a few months ago (if not a year): "NetFlow"
Let's imagine we would like to have this used in "Bro": how would we do this?

There are at least several solutions:

- Getting NetFlow flows coming directly into Bro (turning it into
something like a collector such as flow-tools, nfcapd, etc.)

- Use an external collector such as one of those I mention above
and let Bro get information from the data.

In security, I like the principle of unicity so the second approach is
better for me (an IDS is an IDS, not a NetFlow collector).

So any advice, comments...

Thank you.

Best regards.

LBL is running a netflow -> bro conversion package for internal
monitoring. In brief, we collect netflow records, parse them into Bro
events, which are sent to a running Bro via the Broccoli library. If
you're interested in working with this, great - it needs some help, as it's a
bit of a hack. I'll be happy to share what I'm doing...
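
The collect-and-parse step described in the message above, as an added example that is not LBL's code or part of the original thread. It assumes NetFlow v5 export datagrams (the thread names no version), uses a hypothetical event name `netflow_v5_record`, and stops at building the per-flow event fields; handing them to a running Bro via Broccoli is left out.

```python
import socket
import struct

# NetFlow v5 layout (assumed version; the thread does not say which one is collected).
HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record


def parse_netflow_v5(datagram):
    """Return a list of per-flow event dicts from one NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, uptime_ms, secs, nsecs, seq, _, _, _ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("unsupported NetFlow version %d" % version)
    # The count field is exporter-controlled: check it against the real length.
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    boot = secs + nsecs / 1e9 - uptime_ms / 1000.0  # exporter boot time, epoch seconds
    flows = []
    for i in range(count):
        (src, dst, _nh, _in, _out, pkts, octets, first, last, sport, dport,
         _p1, flags, proto, _tos, _sas, _das, _sm, _dm, _p2) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "event": "netflow_v5_record",  # hypothetical event name
            "src": socket.inet_ntoa(src), "sport": sport,
            "dst": socket.inet_ntoa(dst), "dport": dport,
            "proto": proto, "tcp_flags": flags,
            "pkts": pkts, "octets": octets,
            "start": boot + first / 1000.0, "end": boot + last / 1000.0,
        })
    return flows


def build_sample():
    """Constructed sample: one datagram carrying a single TCP flow to port 22."""
    hdr = HEADER.pack(5, 1, 60000, 1200000000, 0, 42, 0, 0, 0)
    rec = RECORD.pack(socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"),
                      b"\0" * 4, 1, 2, 12, 3400, 50000, 59000, 40000, 22,
                      0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return hdr + rec


if __name__ == "__main__":
    for flow in parse_netflow_v5(build_sample()):
        print(flow)
```

Flow start and end times in v5 are router uptime values in milliseconds, so the parser converts them to epoch seconds using the header's export timestamp before they are turned into events.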

Jean-Philippe Luiggi wrote:

  Hello Jim,
  
  Thank you for this information, I'll be happy to use your software as it's
  exactly what I was looking for.

  Best regards.

I've had a couple of requests for this code, so I'm developing a web
page for it. Stay tuned.

Jean-Philippe Luiggi wrote:

Hello,

No problem, thank you a lot.

Best regards.