Hi,
I am using fprobe-ulog also. The main reason of using this probe is
that I am doing NAT.
AFAIK other probs are taking flow before or after NATting (depending
from which interface
you are taking flows). With fprobe-ulog I am able to take flows from the
FORWARD table
where I have correct src and dst addresses. If you are going to develop
new probe it would
be nice to take in to account this issue. Thanks.
--
Bests,
Karen
Paul P Komkoff Jr wrote:
Replying to Paul Halliday:
I am currently working on a new sensor deployment.
I have been using Fprobe for the past 4 years without any issues but
before I move forward I just want to see what others are using and
what their experiences are.
I'm using fprobe-ulog.
What is the most full featured and effective probe?
I don't know if there's any. :)
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
