Kaiser, SYN flood alert is also available over ZMQ when nProbe is used in probe mode (no collector).
I would expect some differences in seeing alerts, though. This is because over ZMQ data is summarized in flows so triggering conditions can slightly differ. Simone > On 5 Jul 2020, at 17:44, Kaiser Cheng <[email protected]> wrote: > > > Dear sir, > > > In ZMQ interface, from our test, only host scores alter found. > In physical NIC inerface, we could find some TCP SYN flood alter, > Are flow flood alters available on NIC interface only? > > Br, > Kaiser > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
