Snort mailing list archives

Re: netflow support in snort


From: Russ Combs <rcombs () sourcefire com>
Date: Mon, 14 Feb 2011 08:31:40 -0500

2011/2/14 Joel Esler <jesler () sourcefire com>:
On Feb 14, 2011, at 1:08 AM, 李曦 wrote:

Hi Snort,
Hope you are well.

I need some help, if possible. I want to use NetFlow data with Snort.
Does Snort monitor with NetFlow data by default? If not, what
should I do?

I'm not that familiar with netflow data, but from a quick look and
your question I'm guessing that it has packets buried in there.  If
that is the case and you want Snort to read the packets and process
them as if it were a pcap, then you can either:

1.  Export a pcap from netflow data (there may be a tool for that).
2.  Write a netflow DAQ.


Thanks very much

Snort does not handle netflow data natively.  At Sourcefire we have other
tools to perform this function.
--
Joel Esler
jesler () sourcefire.com
http://blog.snort.org && http://blog.clamav.net


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org