On Wed, Apr 17, 2013 at 06:26:03, Tore Anderson wrote: > > Hi, > > I have a customer who would like access to his own flow data. I can't > give him access to *all* my flow data, but I was wondering if is > somehow possible to have nfcapd apply a filter that matches his > network ranges, and then re- export the matching flows to the customer's > collector? > > Or any other way to accomplish this in a nice way? One of the > use-cases is to quickly determine what's going on during DoS attacks, > so it has to be (near- )realtime. >
You can use the -R switch to send his flows to another collector. Samplicate is another option, I use it to send all flows to multiple collectors. If you want to send previous flows, nfreplay will do that. -ryan ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
