Ingest SflowData in Security Onion? #10088
Replies: 1 comment 1 reply
-
|
If you have an easy way to convert it to Netflow, coupling that with the Filebeat module would be the first thing I would try. Security Onion doesn't really use Logstash for parsing, only as a transport. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Thanks Matt! |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Any recommendations on ingesting SFlowData?
Better to ingest using the Logstash sflow codec (logstash-plugin install logstash-codec-sflow) or convert to Netflow using SFlowTool and the ingesting using filebeats?
Thanks for any tips!
Tom
Beta Was this translation helpful? Give feedback.
All reactions