This will be addressed in a later release. Note: MySQL and SiLK IPSet support is currently disabled in Super Mediator 2.0. These packages typically have either a -devel suffix (RedHat/Fedora/RPM-based systems) or a -dev suffix (Debian/Ubuntu/apt-based systems).
When installing the dependencies via a Linux package manager, be certain to install the package with the libraries and headers. Dependencies Core Dependencies for YAF and super_mediator The NetSA tools may also be installed as RPMs from the CERT Linux Forensics Tools Repository. If these tools are already installed, skip ahead to the next section. More detailed instructions are available for YAF and super_mediator. This section provides a brief overview of installing YAF and super_mediator. See the super_nf manual page for examples of different COLLECTOR configurations. super_mediator has multiple methods of ingest: It can listen on a TCP or UDP port for connections from YAF (the preferred method) or poll a directory for IPFIX files.
These examples only use an IPFIX file as input. Note: MySQL support is currently disabled in Super Mediator 2.0. This tutorial shows multiple methods of structuring your MySQL or MariaDB database and a few methods of import. The super_nf manual page provides additional examples and more detailed documentation. It shows multiple configurations and the data that each one produces. This tutorial provides examples of different exporters. Super_mediator is used to collect the Deep Packet Inspection (DPI) data elements that YAF exports and writes them in a format that can be used for bulk loading into a database or rotating CSV files. You will typically run YAF exporting IPFIX over TCP to SiLK's rwflowpack which either writes flow data locally to your repository or sends it back to your data repository hosted on a separate server. If you just want traditional IPFIX data and do not need to modify, filter, or aggregate it any way, the standard tool chain will work just fine for you and you do not need a mediator. Like a traditional IPFIX mediator, super_mediator can filter, modify, and aggregate the data it processes. Super_mediator is an IPFIX mediator that ingests IPFIX data ( super_mediator works best with data generated by YAF) via TCP, UDP, or file(s) and exports to one or more collectors such as Mothra, Analysis Pipeline, SiLK, another Super Mediator instance, to binary IPFIX files, to JSON files, or to delimiter separated value (e.g., CSV) text files for importing into a database.
0 kommentar(er)
