mnagel

netflow filter improvements


The newer filter capability is appreciated, but would be even better if more complex logic could be applied (AND/OR/NOT for multiple filters) to really focus on specific types of traffic while excluding others. For interfaces, glob matches would be very helpful. For src/dst address match, please allow for prefix matching as well as host matching.

Thanks,
Mark



I see all the crickets have come to this F/R to hang out. This is a pretty important improvement for using NetFlow for incident research. For example, if you find an IP that is doing a lot of traffic while trying to identify a problem and that IP is harmless, I should be able to filter the harmless IP out of my search as I iterate. There is currently no non-API way to do this. If the filters could be complex with AND/OR/NOT and groups, then it would be much simpler to make use of the data for real world investigations.

Similarly, it seems like saved filters are per-user and it would be far more useful if they could be shared across multiple users.

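To make concrete what the first post asks for (AND/OR/NOT groups, glob matches on interfaces, prefix as well as host matching on src/dst) and the iterate-and-exclude workflow the second post describes, here is an added example of the same filter model expressed as composable predicates over flow records. This is illustration code written for this thread; it is not code from the thread or from the product being discussed. The `Flow` layout, the interface names and the records in `SAMPLE_FLOWS` are all constructed for the example.

```python
"""Composable NetFlow record filters (AND/OR/NOT, interface globs, CIDR prefixes).

Added example; not code from the thread or from any product mentioned in it.
The Flow record layout and SAMPLE_FLOWS are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Callable, Iterable, List, Tuple
import ipaddress


@dataclass(frozen=True)
class Flow:
    """Minimal flow record (assumed layout); real exporters carry many more fields."""
    src: str
    dst: str
    src_port: int
    dst_port: int
    proto: str
    in_if: str      # ingress interface name as reported by the exporter
    octets: int


Predicate = Callable[[Flow], bool]


# --- atomic filters --------------------------------------------------------
def src_in(prefix: str) -> Predicate:
    """Source address inside a CIDR prefix; a /32 (or /128) gives host matching."""
    net = ipaddress.ip_network(prefix, strict=False)
    return lambda f: ipaddress.ip_address(f.src) in net


def dst_in(prefix: str) -> Predicate:
    """Destination address inside a CIDR prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    return lambda f: ipaddress.ip_address(f.dst) in net


def iface(pattern: str) -> Predicate:
    """Case-sensitive glob match on the interface name, e.g. 'GigabitEthernet0/*'."""
    return lambda f: fnmatchcase(f.in_if, pattern)


def dst_port(port: int) -> Predicate:
    return lambda f: f.dst_port == port


# --- combinators: filters nest, so groups like AND(a, NOT(OR(b, c))) work ----
def AND(*preds: Predicate) -> Predicate:
    return lambda f: all(p(f) for p in preds)


def OR(*preds: Predicate) -> Predicate:
    return lambda f: any(p(f) for p in preds)


def NOT(pred: Predicate) -> Predicate:
    return lambda f: not pred(f)


def apply_filter(flows: Iterable[Flow], pred: Predicate) -> List[Flow]:
    return [f for f in flows if pred(f)]


def top_talkers(flows: Iterable[Flow]) -> List[Tuple[str, int]]:
    """Total octets per source address, largest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.src] += f.octets
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample data: a noisy backup job, one odd outbound connection, web and DNS.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "10.0.1.20", 49152, 445, "tcp", "GigabitEthernet0/1", 900_000_000),
    Flow("10.0.0.5", "10.0.1.20", 49153, 445, "tcp", "GigabitEthernet0/1", 850_000_000),
    Flow("10.0.0.23", "198.51.100.9", 51000, 4444, "tcp", "GigabitEthernet0/1", 120_000_000),
    Flow("10.0.0.23", "198.51.100.9", 51001, 4444, "tcp", "GigabitEthernet0/1", 95_000_000),
    Flow("10.0.0.41", "203.0.113.7", 52000, 443, "tcp", "GigabitEthernet0/2", 4_000_000),
    Flow("192.168.5.8", "203.0.113.7", 53000, 443, "tcp", "TenGigabitEthernet1/1", 2_000_000),
    Flow("10.0.0.41", "10.0.0.53", 53001, 53, "udp", "GigabitEthernet0/2", 3_000),
]


def investigate(flows: Iterable[Flow] = SAMPLE_FLOWS):
    """The iterate-and-exclude workflow from the thread, expressed as filters."""
    flows = list(flows)
    # Pass 1: internal sources seen on any GigabitEthernet interface.
    base = AND(src_in("10.0.0.0/24"), iface("GigabitEthernet*"))
    first = top_talkers(apply_filter(flows, base))
    # Pass 2: the top talker turns out to be the backup server (harmless), so
    # exclude it with a NOT clause and re-run rather than starting over.
    refined = AND(base, NOT(src_in("10.0.0.5/32")))
    second = top_talkers(apply_filter(flows, refined))
    return first, second


if __name__ == "__main__":
    for label, result in zip(("all internal sources", "without backup server"), investigate()):
        print(f"{label}: {result}")
```

Because every filter is just a function from record to boolean, the combinators nest to any depth, a host match is the degenerate /32 prefix, and a saved filter is simply a named predicate, which is what makes sharing one between analysts straightforward.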

We're experimenting with netflow now and we are also struggling with these very real limitations. It would be great if we could get a response as to whether or not enhancements to Netflow are going to be prioritized. Currently we're finding that we have no other choice but to rely on multiple tools to gather this data.

