Argus vs SiLK

George Jones fooologist at gmail.com
Wed Jul 28 07:55:17 EDT 2010


On Tue, Jul 27, 2010 at 9:24 PM, Chris Inacio <inacio at cert.org> wrote:

>
>
> On Jul 26, 2010, at 2:26 PM, Carter Bullard wrote:
>
>
> YAF is always biflow, there is a command line switch for it to emit into 2
> uniflow records; internally it is completely biflow - no options.
>

But it's a moot point unless you have a set of analysis tools behind it that
can operate on the biflow. Is there a biflow/IPFIX-aware version of SiLK?
Is there some other tool set that I'm not aware of (YAF->database) that
consumes IPFIX/biflow?

---George Jones