[netsa-tools-discuss] Guide(s) to setting up Analysis Pipeline?

Daniel Ruef druef at cert.org
Thu Jan 19 13:50:48 EST 2017


Mike,
Sorry for the delay in getting back to you.

What version of Pipeline are you running?

Are you getting copies of the SiLK incremental files into the Pipeline incoming directory?

The simplest config file you can run, which will alert on every flow, is:

# A filter with no conditions matches every record.
FILTER all
END FILTER

# One evaluation that uses that filter and alerts on every record it passes.
EVALUATION alertOnAll
    FILTER all
    ALERT ALWAYS
    ALERT EVERYTHING
    CHECK EVERYTHING PASSES
    END CHECK
END EVALUATION

There are more config file examples here: http://tools.netsa.cert.org/analysis-pipeline5/pipeline-examples.html

A list of SiLK fields available for use with Pipeline can be found here: http://tools.netsa.cert.org/analysis-pipeline5/docs.html#silkRecords

General Pipeline documentation is here: http://tools.netsa.cert.org/analysis-pipeline5/index.html

Dan
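
An added example, not from Dan's reply or from the NetSA project itself: once the alert-on-everything config above is producing output, the natural next step is a filter that selects only the traffic you care about plus a threshold check, so that an alert fires only when one source exceeds a rate instead of on every flow. The field names (PROTOCOL, DPORT, SIP), the `==` comparisons, the THRESHOLD / FOREACH / TIME_WINDOW keywords and the `#` comment marker follow my reading of the Pipeline documentation linked above, so verify them against that page before relying on this; the port, the count and the window are illustrative values I chose.

```text
# Added example, assumed syntax: alert on a source address that produces
# more than 100 TCP flows to port 22 within a five-minute window.

# Select TCP flows to the SSH port.
FILTER sshFlows
    PROTOCOL == 6
    DPORT == 22
END FILTER

# Count matching records per source address over a sliding window and
# alert once the count passes the threshold.
EVALUATION sshScanner
    FILTER sshFlows
    CHECK THRESHOLD
        FOREACH SIP
        SUM RECORDS > 100
        TIME_WINDOW 5 MINUTES
    END CHECK
    SEVERITY 3
    ALERT ALWAYS
    ALERT EVERYTHING
END EVALUATION
```

Keep the alertOnAll config from the reply in place while testing: if it produces alerts and this one does not, the problem is the filter or threshold rather than the incoming-directory setup.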




From: netsa-tools-discuss-bounces+druef=cert.org at cert.org [mailto:netsa-tools-discuss-bounces+druef=cert.org at cert.org] On Behalf Of Mike Eriksson
Sent: Tuesday, January 10, 2017 3:57 AM
To: netsa-tools-discuss at cert.org
Subject: [netsa-tools-discuss] Guide(s) to setting up Analysis Pipeline?

Hi all,

I've found some really good guides on how to set up SiLK and got that running in what looks like a good way.

I'm now trying to get some kind of PoC together where the idea is to run Analysis Pipeline on the SiLK host, which is where I'm failing quite badly.

Getting the config files together and finding out what to reference where is currently beyond me - I am at the point where I need a little push in the right direction.

After finding guides like the ones below [1], I was wondering if there's something similar out there for the next step? My Google-Fu has failed me so far.

Thanks in advance, Mike

[1]
http://www.appliednsm.com/silk-on-security-onion/
https://www.rsreese.com/configure-silk-on-linux-for-netflow-collection-from-a-cisco-router/
