This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Skip to end of metadata
Go to start of metadata

Not everyone wants to ingest PCAP due to space constraints and load exerted on all infrastructure components.  Netflow, while not a substitute for PCAP, is a high-level snapshot summary of network flows that would be contained in the PCAP files.  If one does not wish to ingest PCAP then at least enabling Netflow is recommended.  Metron uses YAF to generate IPFIX (Netflow) data from Metron's PCAP probe.  So the output of the probe is IPFIX instead of raw packets.  If Netflow is generated instead of PCAP then the netflow data goes to the generic Parsing topology instead of the PCAP topology

For related components see:

Parsing Topology

 

  • No labels