Can I Run Active-Flow and Import Standard Zeek Logs on a Single AC-Hunter System?
Yes. You can have one or more Active-Flow systems and one or more Zeek systems feeding a single AC-Hunter instance. Each one feeds its own database, named “hostname__ipaddress-rolling”, so you can distinguish between them.
Note: You can’t run Zeek and the Active-Flow module on the same system, because they both use /opt/zeek/logs/ for their output.
Direct Link to this FAQ Item: https://portal.activecountermeasures.com/support/faq/?Display_FAQ=2724
Category: Using Active-Flow