[Oisf-users] flow question

Brian Kellogg theflakes at gmail.com
Fri Oct 5 13:33:36 UTC 2018


Yup and thank you.

Learning this side of Suricata.  I'm used to Bro and standard nflow.

I very much second treating non-IP flows as if they were TCP and reporting
the entire conn from the perspective of the initiator.  Makes security
analyst work a little easier when stacking data and other hunting.

On Fri, Oct 5, 2018 at 1:29 AM Victor Julien <lists at inliniac.net> wrote:

> On 05-10-18 00:17, Brian Kellogg wrote:
> > Thanks, was under the misunderstanding that all flow logging was
> > enabled by default.
>
> I think this is what you're looking for
> https://github.com/OISF/suricata/pull/3329
>
> It will be in 4.1.
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
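To illustrate the point above about stacking flows once every record is reported from the initiator's perspective, here is an added example that is not part of this thread or of the Suricata project. It assumes eve.json `flow` events in which `src_ip`/`src_port` belong to the side that sent the first packet (the initiator) and `dest_ip`/`dest_port` to the responder; the sample lines are constructed, not real Suricata output, and the `stack_flows` and `initiator_key` helpers are hypothetical names chosen for this example.

```python
import json
from collections import Counter, defaultdict

# Constructed sample eve.json lines (not real Suricata output). Field names follow the
# eve "flow" event layout; the ICMP record has no ports, and the "alert" line must be skipped.
SAMPLE_EVE = "\n".join([
    '{"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","src_port":51234,'
    '"dest_port":443,"proto":"TCP","flow":{"pkts_toserver":12,"pkts_toclient":10,'
    '"bytes_toserver":1500,"bytes_toclient":9000}}',
    '{"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","src_port":51235,'
    '"dest_port":443,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":5,'
    '"bytes_toserver":800,"bytes_toclient":600}}',
    '{"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"ICMP",'
    '"icmp_type":8,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":1,'
    '"bytes_toserver":98,"bytes_toclient":98}}',
    '{"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","proto":"TCP"}',
    'this line is not json',
])


def parse_flows(text):
    """Yield only flow events; skip blank lines, malformed JSON and other event types."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("event_type") == "flow":
            yield ev


def initiator_key(ev):
    """Key a flow from the initiator's perspective (assumption: src is the initiator).

    Returns (proto, initiator_ip, responder_ip, responder_port); the port is None for
    protocols without ports (e.g. ICMP), so non-TCP/UDP flows still stack cleanly.
    """
    return (ev.get("proto"), ev.get("src_ip"), ev.get("dest_ip"), ev.get("dest_port"))


def stack_flows(text):
    """Count flows per initiator key and sum bytes in both directions for each key."""
    counts = Counter()
    total_bytes = defaultdict(int)
    for ev in parse_flows(text):
        key = initiator_key(ev)
        f = ev.get("flow", {})
        counts[key] += 1
        total_bytes[key] += f.get("bytes_toserver", 0) + f.get("bytes_toclient", 0)
    return counts, dict(total_bytes)


if __name__ == "__main__":
    counts, total_bytes = stack_flows(SAMPLE_EVE)
    for key, n in counts.most_common():
        proto, initiator, responder, port = key
        print(f"{proto:5} {initiator:>15} -> {responder}:{port}  flows={n}  bytes={total_bytes[key]}")
```

Because every record is keyed by who started the conversation, the two TLS flows to the same responder collapse into one row and the ICMP flow gets its own row rather than being split into two half-connections; `stack_flows` is what a hunting notebook would run over a day of `eve.json` to find rare initiator/responder pairs.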