Good Morning Folks,
Long-time lurker and user of nfdump/nfsen here; as always, huge kudos to Peter
for the tools.
I'm interested in any experience people have using nfdump to record NAT
translations, we've recently invested in new border firewalls which finally
provide us with a unified point for NAT.
Juniper SRX firewalls will export flow information in structured syslog which
contains all useful information, I'm happy to write a tool to convert between
that and NetFlow/IPFIX.
However I'm interested in nfdump's ability to store/search/display "unusual"
fields. I can see from the IPFIX assignments, IPFIX elements 225
"postNATSourceIPv4Address" and 227 "postNAPTSourceTransportPort" are suitable
for storing the required information.
Can the nfsuite store this information and search upon it, or am I looking at a
fairly large re-engineering project to do so? A quick inspection of the
ipfix_element_map_s struct in ipfix.c suggests that we can't out of the box?
With this I suspect there would be changes to the on-disk structure and a few
changes to the query language?
Kind regards,
Peter.
--
Peter Wood
Network Security Specialist
Information Systems Services
Lancaster University
Tel: (01524 5)10153
Email: p.w...@lancaster.ac.uk
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
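As an added illustration of the IPFIX side of the conversion the post describes (this is not code from the poster, from nfdump/nfsen, or from Juniper): the block below builds an IPFIX message whose template carries sourceIPv4Address (8), sourceTransportPort (7), postNATSourceIPv4Address (225) and postNAPTSourceTransportPort (227), then parses it back by walking the template and data sets. The NAT records are constructed samples; the SRX structured-syslog parsing itself is assumed to happen upstream and is not modelled.

```python
import struct

# IANA IPFIX information elements for one NAT translation record: (element id, length in bytes)
FIELDS = [(8, 4), (7, 2), (225, 4), (227, 2)]  # src addr, src port, post-NAT addr, post-NAPT port
TEMPLATE_ID = 256                               # template ids for data sets must be >= 256
IPV4 = {8, 225}                                 # elements carried as dotted-quad addresses
# Constructed sample translations standing in for what a converter would pull from NAT log lines
SAMPLE_RECORDS = [{8: "10.20.30.40", 7: 51234, 225: "203.0.113.10", 227: 40001},
                  {8: "10.20.30.41", 7: 51235, 225: "203.0.113.10", 227: 40002}]

def encode_field(ie, value, length):
    # Fixed-length big-endian encoding; IPv4 addresses are four raw octets
    if ie in IPV4:
        return bytes(int(o) for o in value.split("."))
    return int(value).to_bytes(length, "big")

def decode_field(ie, raw):
    return ".".join(map(str, raw)) if ie in IPV4 else int.from_bytes(raw, "big")

def build_ipfix_message(records, export_time=0, sequence=0, domain=1):
    """One IPFIX (RFC 7011) message: 16-byte header, a template set, one data set."""
    tmpl = struct.pack("!HH", TEMPLATE_ID, len(FIELDS))
    tmpl += b"".join(struct.pack("!HH", ie, ln) for ie, ln in FIELDS)
    template_set = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl      # set id 2 = template set
    data = b"".join(encode_field(ie, r[ie], ln) for r in records for ie, ln in FIELDS)
    data_set = struct.pack("!HH", TEMPLATE_ID, 4 + len(data)) + data
    total = 16 + len(template_set) + len(data_set)
    return struct.pack("!HHIII", 10, total, export_time, sequence, domain) + template_set + data_set

def parse_ipfix_message(msg):
    """Walk the sets, learn templates as they appear, decode data records keyed by element id."""
    version, length = struct.unpack("!HH", msg[:4])
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    templates, records, off = {}, [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack("!HH", msg[off:off + 4])
        if set_len < 4: raise ValueError("bad set length")  # guard against a zero-length loop
        body = msg[off + 4:off + set_len]
        if set_id == 2:                                    # template set (may hold several)
            p = 0
            while p + 4 <= len(body):
                tid, count = struct.unpack("!HH", body[p:p + 4])
                templates[tid] = [struct.unpack("!HH", body[p + 4 + 4*i:p + 8 + 4*i]) for i in range(count)]
                p += 4 + 4 * count
        elif set_id in templates:                          # data set for a template already seen
            fields = templates[set_id]
            rec_len = sum(ln for _, ln in fields)
            for p in range(0, len(body) - rec_len + 1, rec_len):
                rec, q = {}, p
                for ie, ln in fields:
                    rec[ie] = decode_field(ie, body[q:q + ln]); q += ln
                records.append(rec)
        off += set_len
    return records
```

A collector that does not know element 225 or 227 will still parse the records by template but has nowhere to store those two values, which is exactly the gap the question is asking about.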