Date: Sat, 15 Feb 2014 18:44:47 -0500
From: George Neville-Neil <gnn@neville-neil.com>
To: "C. L. Martinez" <carlopmart@gmail.com>
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: Recommendations for packet capture
Message-ID: <3D9E8EFA-1EB0-4CA6-B26E-CA87553150E3@neville-neil.com>
In-Reply-To: <CAEjQA5%2BKT3y3Y0C9r1uK=7JshT4OcJhEPw3Oztqpbh6x==HBHg@mail.gmail.com>
References: <CAEjQA5L=hCo56SLMgK-wKH-CzOpDN2vHYwP_ySd1QEK5HccM6Q@mail.gmail.com> <1392304466.63673.23.camel@btw.pki2.com> <CAEjQA5%2BKT3y3Y0C9r1uK=7JshT4OcJhEPw3Oztqpbh6x==HBHg@mail.gmail.com>

On Feb 14, 2014, at 2:21 , C. L. Martinez <carlopmart@gmail.com> wrote:

> On Thu, Feb 13, 2014 at 3:14 PM, Dennis Glatting <dg@pki2.com> wrote:
>> On Thu, 2014-02-13 at 09:14 +0000, C. L. Martinez wrote:
>>> Hi all,
>>>
>>> I need to set up some FreeBSD (or Linux, it depends) hosts to use as
>>> packet capture sensors for our infrastructure.
>>>
>>> Searching about software that I could use under FreeBSD, I only find
>>> these ones:
>>>
>>> a) daemonlogger
>>> b) streamdb
>>>
>>> For Linux, it seems more alternatives exist. Any suggestions??
>>>
>>> I need to monitor 1 GiB networks.
>>>
>>
>> I've not (yet) used these:
>>
>> /usr/ports/security/sguil-client
>> /usr/ports/security/sguil-sensor
>> /usr/ports/security/sguil-server
>>
>>
>>> Thanks.
>
> Thanks Dennis, but Sguil is not a packet capture component. Sguil
> needs daemonlogger to show you captured data.

I might be a bit confused. Can you just use tcpdump with the appropriate
flags to limit the size and number of files? What are you trying to achieve?

Best,
George
