Many thanks Champ! I'll definitely have a look at the patches. Many thanks!
- Peter

On 2/1/14 2:27 AM, Champ Clark III wrote:
> Hello!
>
> First off, thank you for providing a great set of tools to deal with
> Netflow data. It's a really valuable set of tools and I really
> appreciate it.
>
> I'm the primary author of "Sagan", a real time, multi-threaded log
> analysis engine. For more information, see:
>
> http://sagan.quadrantsec.com.
>
> I recently had an idea of using Sagan to analyze netflow data and nfdump
> seemed to be the best approach. The idea is to have Sagan examine
> traffic via the log analysis engine and identify malicious traffic
> (via blacklist, RBL lookup and rule sets).
>
> To keep it short, I had to make some minor modifications to nfdump to
> get the functionality I needed. In particular, "nfcapd". The
> modifications I did allow nfcapd to work as normal, but also send
> decoded Netflow data to a FIFO.
>
> Sagan can then read the FIFO and determine if the traffic is malicious
> or not.
>
> The modified code is at:
>
> https://github.com/beave/nfdump-1.6.10p1-sagan
>
> I also wrote up a brief "HOWTO":
>
> https://wiki.quadrantsec.com/twiki/bin/view/Main/SaganNetflow
>
> I just wanted to get the word out. Please let me know if you have any
> thoughts and/or comments.
>
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

--
Be nice to your netflow data.
Use NfSen and nfdump :)
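As an added illustration of the nfcapd -> FIFO -> analyzer pattern Champ describes (example code written for this page, not from Sagan or nfdump): a small Python consumer that parses decoded flow records from a FIFO and flags any whose source or destination falls in a blacklist. The record layout, FIFO path and blacklist contents are constructed assumptions; the thread does not show the real output format of the modified nfcapd.

```python
"""Added example (not from the thread, Sagan or nfdump) of the nfcapd -> FIFO
-> analyzer pattern; record layout and blacklist are constructed assumptions."""
import ipaddress

# Constructed blacklist; assumed format is one CIDR or address per entry.
BLACKLIST = ["198.51.100.0/24", "203.0.113.7"]

# Constructed sample records in an assumed layout (the real output format of the
# modified nfcapd is not shown): "<proto> <src>:<sport> -> <dst>:<dport> <bytes>"
SAMPLE_FIFO_LINES = [
    "TCP 192.0.2.10:51234 -> 203.0.113.7:443 1500",
    "UDP 192.0.2.11:53 -> 192.0.2.1:53 120",
    "TCP 198.51.100.23:4444 -> 192.0.2.5:22 980",
    "not a flow record; the reader must skip it",
]

def load_blacklist(entries):
    # Single hosts become /32 (or /128) networks, so one membership test fits all.
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def parse_flow(line):
    """Return a dict for one record, or None so a bad line never stops the reader."""
    try:
        proto, src, arrow, dst, nbytes = line.split()
        if arrow != "->":
            return None
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        return {"proto": proto, "src": ipaddress.ip_address(src_ip), "sport": int(src_port),
                "dst": ipaddress.ip_address(dst_ip), "dport": int(dst_port), "bytes": int(nbytes)}
    except ValueError:  # wrong field count, bad address, or non-numeric port/bytes
        return None

def analyze(lines, networks):
    """Yield (reason, record) for each record touching a blacklisted address."""
    for line in lines:
        rec = parse_flow(line.strip())
        if rec is None:
            continue
        if any(rec["src"] in net for net in networks):
            yield ("blacklisted source", rec)
        elif any(rec["dst"] in net for net in networks):
            yield ("blacklisted destination", rec)

def read_fifo(path):
    """Line generator over a FIFO; open() blocks until nfcapd opens the writer side."""
    with open(path) as fifo:
        yield from fifo
```

Against the embedded sample, `analyze(SAMPLE_FIFO_LINES, load_blacklist(BLACKLIST))` yields two alerts and silently skips the malformed line; for live use, pass `read_fifo("/path/to/fifo")` (a hypothetical path) in place of the sample list.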