Tore Anderson wrote: > I have a customer who would like access to his own flow data. I can't > give him access to *all* my flow data, but I was wondering if is > somehow possible to have nfcapd apply a filter that matches his > network ranges, and then re-export the matching flows to the > customer's collector? > > Or any other way to accomplish this in a nice way? One of the > use-cases is to quickly determine what's going on during DoS attacks, > so it has to be (near-)realtime.
I would try to do this by creating a separate profile for the customer's data. Then I would write a script that would check whether there are new files in the profile directory and if there are the contents of the files would be sent to the customer's collector with nfreplay. This isn't really a real time solution. There may be a better and quicker ways to get the similar result. -- - Matti - ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
