-
This issue started as part of an investigation of the reasons for 100% CPU usage on Mikrotik boxes during DDoS. The particular deployment had no firewall rules and was expected to handle all the traffic using Fast P…
-
Tied to https://github.com/philhagen/sof-elk/issues/252, I would like to request support for `files.log`, `ssl.log`, and `x509.log` too.
Additionally, `weird.log`, `notice.log`, `ftp.log` would be …
-
More of a question than an issue. In the JSON output for Netflow v9, the fields for octetDeltaCount(1) and packetDeltaCount(2) show up as hex strings, whereas in IPFIX they're integers. Is this suppo…
-
Hello, how to add all rules in /etc/snort/rules, what I've to modify in snort.lua if it is the problem?
```
---------------------------------------------------------------------------
-- Snort…
```
-
# Summary
Many DNS servers use text logging while it can be noisy and it does not include DNS responses in the logs. There are two ways to log both requests and responses: `tcpdump` parsing or `dns…
-
Hello everyone,
I would like to ask if anyone was able to use the openvswitch IPFIX with goflow.
I tried openvswitch/goflow with sFlow and NetFlow, and both work great. With IPFIX, nothing is sho…
-
Currently V9 and IPFIX templates are cached using template id and exporter address as a key.
RFC 3954 implies that v9 templates should be cached using the following fields:
msg header Source ID
e…
-
We are testing fastnetmon.
fcli show total_traffic_counters
incoming traffic 50413 pps
incoming traffic 269 mbps
incoming traffic 17 flows
outgoing traffic 7160 pps
outgoing traffic …
-
Hi,
I have a question about how vflow handles the IPFIX/Netflow v9 sampling rate: does it get it from **Option Data Sets** and multiply by the number of bytes and packets automatically?
-
When I run this `/root/go/bin/goja3 -ja3s=false -json -iface eth1`
the result
```
[root@localhost ja3]# /root/go/bin/goja3 -ja3s=false -json -iface eth1
timestamp,source_ip,source_port,destinat…
```