On 2015-08-13 19:00, Aaron Hopkins wrote:
I try to avoid storing any raw per-flow data to disk. At the scale I'm
operating, I can't store it for very long, and walking through it again is
too slow. If I wanted to throw more hardware at netflow log processing,
it's at least possible to do, though. Of the people I've heard doing this,
they are mostly paranoid companies (not ISPs) who want to be able to trace
security incidents after the fact.

I was surprised how many companies had enough traffic to retroactively
determine whether HEARTBLEED had previously been exploited. Neat, but scary.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren