Closed sandervandegeijn closed 1 month ago
You should find the flags definition in the man page nfdump(1). They are coded as:
'C' // Congestion window reduced - CWR
'E' // ECN-Echo
'U' // Urgent
'A' // Ack
'P' // Push
'R' // Reset
'S' // Syn
'F' // Fin
ah, I missed it, very sorry. Only saw the bit representation, my bad!
No worries! The new csv-fast format could also be an option for you.
Thanks! I'm using Vector(.dev) to ingest the logs into OpenSearch with ECS mapping, so the JSON is fine for that! Can share the pipeline if that's useful.
Sure! Feel free to share it here or at my email in the authors file.
I'm trying to parse nfdump files to Elastic and would like to interpret the TCP flags. So in the data you will see something like:
"tcp_flags" : "......S."
I can't find documentation on what each letter / position means. Is it possible to describe this somewhere?
Thanks!
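To make the letter/position mapping from the nfdump(1) man page (quoted above) directly usable in an ingest pipeline, here is an added decoder for the `tcp_flags` string, written for this thread and not part of nfdump or Vector. It maps each of the 8 positions (C E U A P R S F, left to right) to a flag name, builds the matching TCP header flags byte (CWR = 0x80 down to FIN = 0x01, the standard TCP encoding, which is the same order as nfdump's string), and rejects malformed strings instead of silently indexing wrong flags. The output field names `tcp_flags_list` and `tcp_flags_raw` and the sample records are constructed for the example; `"......S."` is the string from the issue.

```python
# Added example (not nfdump's or Vector's code): decode an nfdump tcp_flags
# string such as "......S." into flag names and the TCP header flags byte.

from typing import Dict, List

# Position -> (letter, name, bit value), in the order given by nfdump(1):
# CWR first, FIN last. That order matches the TCP flags byte, MSB to LSB.
NFDUMP_TCP_FLAGS = [
    ("C", "CWR", 0x80),  # Congestion window reduced
    ("E", "ECE", 0x40),  # ECN-Echo
    ("U", "URG", 0x20),  # Urgent
    ("A", "ACK", 0x10),  # Ack
    ("P", "PSH", 0x08),  # Push
    ("R", "RST", 0x04),  # Reset
    ("S", "SYN", 0x02),  # Syn
    ("F", "FIN", 0x01),  # Fin
]


def parse_tcp_flags(flag_str: str) -> List[str]:
    """Return the names of the flags set in an nfdump tcp_flags string.

    Each position is either '.' (flag not set) or the fixed letter for that
    position. Anything else, or a wrong length, raises ValueError so that a
    malformed record is noticed rather than indexed with wrong flags.
    """
    if len(flag_str) != len(NFDUMP_TCP_FLAGS):
        raise ValueError(f"expected 8 characters, got {flag_str!r}")
    names = []
    for ch, (letter, name, _bit) in zip(flag_str, NFDUMP_TCP_FLAGS):
        if ch == letter:
            names.append(name)
        elif ch != ".":
            raise ValueError(f"unexpected {ch!r} at {name} position in {flag_str!r}")
    return names


def is_valid_tcp_flags(flag_str: str) -> bool:
    """True if the string is a well-formed nfdump tcp_flags value."""
    try:
        parse_tcp_flags(flag_str)
    except ValueError:
        return False
    return True


def tcp_flags_bitmask(flag_str: str) -> int:
    """TCP header flags byte (CWR=0x80 ... FIN=0x01) for an nfdump flag string."""
    set_names = set(parse_tcp_flags(flag_str))
    return sum(bit for _letter, name, bit in NFDUMP_TCP_FLAGS if name in set_names)


def enrich_record(record: Dict[str, object]) -> Dict[str, object]:
    """Return a copy of one nfdump JSON record with decoded flag fields added.

    'tcp_flags_list' and 'tcp_flags_raw' are field names chosen for this
    example; they are not defined by nfdump or by ECS.
    """
    out = dict(record)
    flags = record.get("tcp_flags")
    if isinstance(flags, str):
        out["tcp_flags_list"] = parse_tcp_flags(flags)
        out["tcp_flags_raw"] = tcp_flags_bitmask(flags)
    return out


if __name__ == "__main__":
    # Constructed sample records; the first is the value quoted in the issue.
    samples = [
        {"tcp_flags": "......S."},   # SYN only: connection attempt
        {"tcp_flags": "...A..S."},   # SYN+ACK
        {"tcp_flags": "...AP..F"},   # ACK+PSH+FIN
        {"tcp_flags": "......X."},   # malformed: rejected
    ]
    for rec in samples:
        try:
            print(enrich_record(rec))
        except ValueError as exc:
            print("rejected:", exc)
```

In a Vector pipeline the same logic can live in a `remap` transform; the point of the strict validation is that a flag string nfdump did not produce (truncated, or from a different output format) fails loudly at ingest time rather than turning into a record that looks like a flow with no flags set.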