-
Hi Rob,
By any chance are you planning on integrating packetbeat output into elastiflow? My end goal would be analyzing network traffic from hosts (both Windows :/ and Unix) where I cannot necessa…
vtmas updated
5 years ago
-
The packets are interpreted wrongly by nprobe (only when both fragmented and not fragmented packets are used). Here is a sample trace:
```
08/Jan/2019 17:20:20 [engine.c:3044] Emitting Flow: [->][…
```
-
When capturing sFlow to stdout I can see that the packet has a sourceId field that tells me the interface the packet was sent from. For Comware this field has a value of 0:4 for interface GigabitEther…
-
Hello,
Today, I have configured Fastnetmon, I have configured sFlow in my Juniper Switch and the switch is already sending packets, but I see in the fastnetmon client that it does not detect inform…
-
I have Fastnetmon 1.1.3 running and it can detect the attack with the netflow data.
I found that there is no attack detail notification recently. I have checked the fastnetmon.log and found there…
-
Hi Pavel,
I'm using the Git version of fastnetmon.
When I try to enable Netflow_hooks.lua the fastnetmon process is crashing on "Segmentation fault".
I ran it with gdb and I get this traceback:
…
-
In the case of Netflow v5, SNMP polling can be done to get the interface name of a device. This approach has been used in the sFlow codec. In the case of Netflow 9, a Cisco router provides a way to send interface-names…
-
Hi All,
I'm using the docker elk image set from [here](https://github.com/deviantony/docker-elk) and then installing Elastiflow on top of the image.
I'm then sending Netflow V5 data in from one…
-
I would like to use NProbe in proxy mode. But first, I would like to make sure that I trust the data that NProbe is sending out. To do this, I set a switch that is sending netflow directly to a colle…
-
- Version: 6.3.0
- Operating System: Centos 7.5
- Config File (if you have sensitive info, please remove it):
~~~ yaml
# Settings file in YAML
#
# Settings can be specified either in hierarchic…
~~~