
Not everyone wants to ingest PCAP, because of space constraints and the load it exerts on all infrastructure components. Netflow is not a substitute for PCAP, but it provides a high-level summary of the network flows that the PCAP files would contain. If you do not wish to ingest PCAP, then at least enabling Netflow is recommended. Metron uses YAF to generate IPFIX (Netflow) data from Metron's PCAP probe, so the output of the probe is IPFIX instead of raw packets.

 
