NetFlow output plugin?

["Mayers, Philip J" <p.mayers () ic ac uk>]

All,

We're successfully sniffing out 100Mb connection (and getting good data too)
with Snort 1.7 - congratulations to all for a great product. In case
anyone's interested, we're sniffing 7k packets/sec (30Mbits) on a 256Mb
PIII800 (Compaq DL380) at about 15-20% CPU usage. We're going to try a
64-bit PCI gigabit card at some point, hopefully before we move to a Gigabit
connection (eek!).

Anyway, my managers like pretty graphs so I've been investigating the
possibility of writing a preprocessor that will do things like top-N hosts
and bucket-sorting based on packet size/subnet/port number/etc. The thought
occurred to me that the best way to do this would be to have Snort generate
Cisco NetFlow stats and use some of the many tools available to pull that
data out. Has anyone thought about that, or should I give it a look?

Regards,
Phil

+----------------------------------+
| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |
+----------------------------------+  

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users