vote
 |
|
This article discusses flowdumper, flow-stat, and flow-nfilter.
The network manager happily provided the specialist with all the logs, particularly the firewall logs. In only a few minutes, the expert determined that the hoarded and protected firewall logs were completely useless. They were intact, but the logs only listed blocked traffic. They recorded what didn't happen, not what had happened! (Yes, this is where you go check your own firewall logging.)
One of the best ways to avoid a situation like this is to record what actually happened, and that's where Netflow comes in.
| | |
| |
|
|
