I turned on debug level logging and sent my syslogs to Splunk - I don't see anything that looks like DPI data - does anyone know if the DPI data is part of the data that gets output to Splunk? Since DPI and firewall rules based on DPI data don't seem very adept at blocking BitTorrent and some other filesharing, I'd like to be able to build a Splunk report that tells me when/who some P2P packets are logged, then I can associate the time+IP with a MAC address, then associate the MAC address with their RADIUS authentication giving me a list of the offenders. Any thoughts on getting the DPI data out of the ER?