NetFlow to SELKS IDS?

[Rob Babb]

Is it possible to send NetFlow to the SELKS IDS? I don't see any collector service running.

How are people collecting data from multiple ESXi hosts, with standard vswitches, simultaneously?

[Peter Manev]

On Sat, Nov 18, 2017 at 3:23 AM, Rob Babb <rob....@gmail.com> wrote:
> Is it possible to send NetFlow to the SELKS IDS? I don't see any collector
> service running.

Yes - you can ship almost anything i think.

>
> How are people collecting data from multiple ESXi hosts, with standard
> vswitches, simultaneously?

I think you can use filebeat on the remote or local hosts to collect
the data and then ingest in ES.


>
>
> --
> IRC: Let's talk about SELKS on Freenode IRC on the #SELKS channel
> Wiki: https://github.com/StamusNetworks/SELKS/wiki
> GitHub: https://github.com/StamusNetworks/SELKS
> Blog: https://www.stamus-networks.com/theblog/
> Twitter: @StamusN
> g+: Stamus Networks
> ---
> You received this message because you are subscribed to the Google Groups
> "SELKS" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to selks+un...@googlegroups.com.
> To post to this group, send email to se...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.



--
Regards,
Peter Manev