netflow filter improvements



The newer filter capability is appreciated, but would be even better if more complex logic could be applied (AND/OR/NOT for multiple filters) to really focus on specific types of traffic while excluding others.  For interfaces, glob matches would be very helpful.  For src/dst address match, please allow for prefix matching as well as host matching.

Thanks,
Mark

  • 4 months later...

I see all the crickets have come to this F/R to hang out. This is a pretty important improvement for using NetFlow for incident research. For example, if you find an IP that is doing a lot of traffic while trying to identify a problem and that IP is harmless, I should be able to filter the harmless IP out of my search as I iterate. There is currently no non-API way to do this. If the filters could be complex with AND/OR/NOT and groups, then it would be much simpler to make use of the data for real-world investigations.

Similarly, it seems like saved filters are per-user and it would be far more useful if they could be shared across multiple users.

  • 4 months later...

We're experimenting with netflow now and we are also struggling with these very real limitations.  It would be great if we could get a response as to whether or not enhancements to Netflow are going to be prioritized.  Currently we're finding that we have no other choice but to rely on multiple tools to gather this data.

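As an added illustration of the filter logic requested in this thread (not code from the product or from any poster), here is a client-side filter over exported flow records that combines AND/OR/NOT groups, interface glob matching, and host-or-prefix address matching. The record field names and the sample flows are constructed assumptions, not a vendor schema.

```python
import fnmatch
import ipaddress

# Constructed sample flow records; field names are assumptions for illustration.
FLOWS = [
    {"iface": "GigabitEthernet0/1", "src": "10.1.2.15", "dst": "203.0.113.9", "bytes": 9_400_000},
    {"iface": "GigabitEthernet0/2", "src": "10.1.2.40", "dst": "198.51.100.7", "bytes": 120_000},
    {"iface": "Vlan20", "src": "10.1.9.3", "dst": "203.0.113.9", "bytes": 88_000},
    {"iface": "GigabitEthernet0/1", "src": "192.0.2.50", "dst": "10.1.2.15", "bytes": 5_100_000},
]

def addr(field, spec):
    """Match flow[field] against a host ("10.1.2.15") or a prefix ("10.1.2.0/24")."""
    net = ipaddress.ip_network(spec, strict=False)  # a bare host becomes a /32 or /128
    return lambda f: ipaddress.ip_address(f[field]) in net

def iface(pattern):
    """Case-sensitive glob match on the interface name, e.g. "GigabitEthernet0/*"."""
    return lambda f: fnmatch.fnmatchcase(f["iface"], pattern)

# Combinators: each takes predicates and returns a predicate, so groups nest freely.
def AND(*preds):
    return lambda f: all(p(f) for p in preds)

def OR(*preds):
    return lambda f: any(p(f) for p in preds)

def NOT(pred):
    return lambda f: not pred(f)

def either(spec):
    """Address appears as source or destination."""
    return OR(addr("src", spec), addr("dst", spec))

def run(flows, pred):
    return [f for f in flows if pred(f)]

# Iteration 1: anything touching 10.1.2.0/24 on the GigabitEthernet0/* interfaces.
step1 = AND(iface("GigabitEthernet0/*"), either("10.1.2.0/24"))
# Iteration 2: same scope, with a host judged harmless excluded from the results.
step2 = AND(step1, NOT(either("192.0.2.50")))

if __name__ == "__main__":
    for f in run(FLOWS, step2):
        print(f["iface"], f["src"], "->", f["dst"], f["bytes"])
```

Because every combinator returns a plain predicate, an earlier iteration such as `step1` can be reused inside the next one without rebuilding the whole expression.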
