Educause Security Discussion mailing list archives
Re: Network flow log consolidation
From: Tristan RHODES <TristanRhodes () WEBER EDU>
Date: Mon, 1 May 2006 12:23:18 -0600
You should take a look at NFSEN. NFSEN is a web-based graphical front-end to NFDUMP, which is a netflow collector. NFSEN displays graphs of data collected from netflow, and it also allows you to create very precise queries on large amounts of data. This is a great tool for netflow-based forensics and for quickly identifying traffic patterns that stand out from the baseline.

NFSEN
http://nfsen.sourceforge.net/

NFDUMP
http://nfdump.sourceforge.net/

Tristan Rhodes
Weber State University

lcb () UCSD EDU 04/25/06 1:18 PM >>>
Tangential to the discussion of syslog parsing, are any others on the list evaluating or implementing products to consolidate network flow logs? This would be a precursor to trend analysis and perhaps some security event correlation processes. I have looked at some products in a past position and am wondering which products or systems you find valuable.

--
Logan Browne, CISSP, CISM
Network Security Manager
University of California, San Diego
<lcb () ucsd edu>
(858)822-5343