I have a customer that will be storing PB’s of data and they will be using Zeek to analyze it (not all of it at once). They would like to use a NAS (network attached storage) and have asked me to validate that it will work. I have gone thru the documents but do not see any references to NAS or external storage.
Any assistance would be greatly appreciated.
Thank You,
John W. O’Dell
They would like to use a NAS (network attached storage) and have asked
me to validate that it will work.
Zeek will happily read pcaps from Unix files. Assuming that's the interface
that the NAS provides, sure this will work. Maybe though I'm not understanding
the question, as it seems quite straightforward.
Vern
Just make sure you do not sniff the interface that you use for packet storage. Nothing like a positive feedback loop that can happen because of some crazy network configurations ;]
Thank you for the feedback! I am not familiar with Zeek and my customer wanted a guarantee they can use a NAS device (nfs) to store collected data for long term analysis. Sounds like they can use it!!! Great news!
Thank You,
Dell/EMC -Federal - Isilon
John W. ODell
614-309-3085