Argus vs SiLK

Chris Inacio inacio at cert.org
Wed Jul 28 13:49:28 EDT 2010


George,

We have stuff we use internally to do that, or similar work.  (A lot of python lying around…)  We've never productized most of it.  NAF can still be downloaded, and you can do that for biflow, but it's a little long in the tooth.

That said, if Argus is working for you, why switch?  If there is some other reason for you to switch to YAF, and you really want to go to SQL - we can have an offline discussion.  Really, most SQL systems aren't really made to handle flow information well.  I want to do some testing with Infobright / MySQL.  If it performs well, then we might release something that will populate a SQL system from YAF.  Unfortunately, while you might think that's great (and maybe even Carter too), my sponsors could care less.  So this is something that we have to do on our own mostly.


Chris Inacio
inacio at cert.org


On Jul 28, 2010, at 7:55 AM, George Jones wrote:

> On Tue, Jul 27, 2010 at 9:24 PM, Chris Inacio <inacio at cert.org> wrote:
> 
> 
> On Jul 26, 2010, at 2:26 PM, Carter Bullard wrote:
> 
> 
> YAF is always biflow, there is a command line switch for it to emit into 2 uniflow records; internally it is completely biflow - no options.
> 
> But it's a moot point unless you have a set of analysis tools behind it that can operate on the biflow.   Is there a biflow/IPFIX-aware version of SiLK?
> Is there some other tool set that I'm not aware of (YAF->database) that consumes IPFIX/biflow ?
>  
> ---George Jones
