It depends on what traffic you want to monitor.
For a bespoke and non-real-time solution, an IPS/IDS may be the way to go. Try hunter-nsm, which uses BRO/SNORT, with ELK.
There are many other competing platforms, Suricata for example.
And for real-time monitoring, you may want to rely on packages like pftop, dnstop, etc.