Hi,
I would like to enriche netflow data (i.e. dst ip, dst port) with "service name", using automatic lookup.
My lookup looks like the following example:
IP PORT_RANGE SERVICENAME
x.x.x.x/32 1024,1048 ServiceA
y.y.y.y/30 80,80 ServiceB
z.z.z.z/31 8000,8999 ServiceC
OR the lookup could be with two PORT fields:
IP PORT_MIN PORT_MAX SERVICENAME
x.x.x.x/32 1024 1048 ServiceA
y.y.y.y/30 80 80 ServiceB
z.z.z.z/31 8000 8999 ServiceC
Matching the IP is easy with match_type CIDR, BUT how-to match the port range???
Don't mind which of the two examples above to implement a solution for ;-)
Or the solution could be a complete 3th solution.
Looking forward fore some bright answers,
Thanks,
//Torben
↧