YAF is still very much supported, and the process is very similar to the 0.2.0 approach. There are some sensible roles which help you build and set up YAF itself, or you can use an existing YAF install. The approach we use is to pipe yaf output into yafscii, which in turn pushes CSV to Kafka, at which point the Metron parser is a pretty straightforward Grok parser using the YAF_DELIMITED pattern we still provide in the default install.

Simon

> On 11 May 2017, at 08:46, moshe jarusalem <[email protected]> wrote:
>
> Hi All,
> I would like to deploy and test netflow information from a network
> interface. I have seen some YAF-related information for the 0.2.0 release, but
> there is no information about YAF in the 0.4.0 release.
>
> Would you please indicate the current status of YAF ingestion and processing? How
> to deploy them if Metron still supports it?
>
> Regards,
