Educause Security Discussion mailing list archives

Network flow log consolidation

From: Kim Cary <Kim.Cary () PEPPERDINE EDU>
Date: Wed, 26 Apr 2006 07:26:53 -0700

We're using nfacctd (packaged with pmacctd) with flowtools to collect/parse/consolidate our netflow logs. It was a two day learning curvefor someone with Unix SysAdmin, SQL & TCP/IP experience to set up.


Kim Cary, Ed.D.
Infrastructure Security Administrator

On Apr 25, 2006, at 9:00 PM, SECURITY automatic digest system wrote:

Tangential to the discussion of syslog parsing, are any others on the
list evaluating or implementing products to consolidate network flow
logs? This would be a precursor to trend analysis and perhaps some
security event correlation processes.

Current thread:

Re: Network flow log consolidation, (continued)
- Re: Network flow log consolidation Wes Young (Apr 25)
- Re: Network flow log consolidation Justin Dover (Apr 25)
- Re: Network flow log consolidation Jenkins, Matthew (Apr 25)
- Re: Network flow log consolidation Justin Dover (Apr 25)
- Re: Network flow log consolidation Graham Toal (Apr 25)
- Re: Network flow log consolidation Jenkins, Matthew (Apr 25)
- Re: Network flow log consolidation Wes Young (Apr 25)
- Re: Network flow log consolidation John Rasmussen (Apr 25)
- Re: Network flow log consolidation Steve Bernard (Apr 25)
- Re: Network flow log consolidation Valdis Kletnieks (Apr 25)
- Network flow log consolidation Kim Cary (Apr 26)
- Re: Network flow log consolidation Ensz, Sean A. (Apr 27)
- Re: Network flow log consolidation David Grisham (Apr 27)
- Re: Network flow log consolidation Tristan RHODES (May 01)