Hi,
Is there a decoder for Netflow, such that one could use Bro to collect and
log Netflow packets seen by a hardware tap, from multiple sources, in a
similar fashion to how Bro handles syslog?
While there was support for this in the past, it was removed a while ago
(I think the last version supporting this was 1.5, and even then it was
not well tested and there were no scripts for it as far as I know).
So - sadly the answer here is no.
Johanna