Changes between Version 5 and Version 6 of WikiStart

Timestamp: 07/14/08 20:02:36 (9 years ago)
Author: cviecco
Comment:

--

  • WikiStart

    v5 v6  
    11= Hflow2 Data Analysis System = 
    22 
    3 '''Hflow2''' is a data coalesing tool for honeynet/network analysis. It allows to coalesce data from snort, p0f, sebekd into a unified cross related data structure stored in a relational database. There is a paper with a more detailed description can be found  [http://www.cs.indiana.edu/~cviecco/papers/hflow2.pdf here]. 
     3'''Hflow2''' is a data coalesing tool for honeynet/network analysis. It allows to coalesce data from snort, p0f, sebekd into a unified cross related data structure stored in a relational database. 
     4 There is a paper with a more detailed description can be found  [http://www.cs.indiana.edu/~cviecco/papers/hflow2.pdf here]. 
    45 
    56The rationale for building hflow2 was the need to create a tool that had several features that were not available in other systems. 
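Review bot: New line 4 carries over a broken sentence: "There is a paper with a more detailed description can be found [...] here" has two competing verbs. Since this change already moves that sentence onto its own line, reword it, for example "A paper with a more detailed description can be found [link here]." New line 3 also keeps "coalesing" (should be "coalescing") and "It allows to coalesce", which reads better as "It coalesces data from snort, p0f, sebekd into ...". Line 4 also appears to start with a space where line 3 does not; if that space is in the wiki source, the sentence may render as an indented block instead of joining the paragraph.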
     
    1718hflow2 however can appear to be MUCH slower than other systems than only analyze flow data such as argus or netflow. The main reason this happens with high-interaction honeynet data is that hflow also takes care of sebek data, which can be extremely voluminous. Internal tests of idle systems show that sebek data is 40 times larger than non-sebek data. This results in a much higher use of the DB and thus a really disturbing performance, packet captures with no sebek data should be processed faster than argus v2.   
    1819 
     20More information can also be found in the [http://www.cs.indiana.edu/~cviecco/oscode/hflow2.html original hflow2 website]. 
     21
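Review bot: The added line 20 reads "found in the [...] original hflow2 website"; "on the original hflow2 website" is the usual phrasing. The line follows the performance paragraph with no indication of what the reader will find at that link beyond what this page and the linked paper already cover, so a few words on what the original site holds would make the pointer useful. Both this link and the paper link go to pages under the same ~cviecco home directory, so if that account moves, the page loses both references at once; consider attaching the paper to the wiki.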