Hi Community,
Last year I performed the following test. I had an AiO Virtual Appliance and set one interface in QFlow Mode.
I then downloaded from fixcentral the QRadar ISO using WGET and expected to see the flows in QRadar.
As you can see, it took 9m and 22s to download the file.
I then saw 11 Flow Records with the same Flow ID for the period of time required to download the file.
Taking a look at the TCP Flags, I was able to see the connection being opened and closed.
I did this last year and it worked fine with 7.4.2. This year a customer asked me a question regarding QFlows and none of us could reproduce the behavior above with 7.4.3. Sometimes there is only one flow record, sometimes none. I don't know exactly what is going on. Do you have any clue what I am missing here?
Thank you!
Regards,
Bruno
------------------------------
BrunoMarX
------------------------------