Thanks CptnCrnch. I assume that I would then need to tie the fw session & the netflow session to correlate the traffic for that session? All of our traffic will be flowing through a FW which provides us with the data when the flow ends. We are looking into the possibility of dropping the firewall logs for these sessions as we should also get them from the MX. However before doing this we'd want a 1:1 of the information we receive. I know that Splunk has a flow collector and then may tie in easier, but we're currently using a different product for netflow.
... View more