There are a few questions that need to be answered first. How do you plan to monitor the LAN? Are you going to run YAF, Bro, Snort, others? How big is your LAN, how much traffic traverses it, what is the traffic composition (heavily impacts the amount of logs from Bro/YAF/Snort), how much retention of data do you want, do you plan to store PCAP?
Jon

On Wed, Sep 6, 2017, 01:59 Syed Hammad Tahir <[email protected]> wrote:

> Hello,
>
> I intend to use Apache Metron framework for the analysis of our local area
> network. What is the best way to get started? Which installation is most
> suitable for me as listed in the following link:
> https://cwiki.apache.org/confluence/display/METRON/Installation
>
> Kindly help me with this.
>
> Regards.

--
Jon
