robcowart
commented
5 years ago I would add to your list of solutions to consider Flowtraq Flow Exporter (https://www.flowtraq.com/product/flow-exporter/) which sends Netflow v5 or v9. Another good option is Ziftin ZFlow (https://ziften.com/zflow/). ZFlow is a commercial product, but it has some useful additional IPFIX information elements that will be included in the next release of ElastiFlow.
Packetbeat is actually a real pain to deal with as it does somethings that are not common to the other flow technologies, and which make it difficult to combine with other flow data. It can be done, but with compromises. It isn't something that I plan to add to ElastiFlow any time soon. Sorry.
vtmas
Hi Rob,
By any chance are you planning, on integrating packetbeat output into elastiflow? My end goal would be analyzing network traffic from hosts (both windows :/ and unix) where i cannot necessarily access flow data straight from switches. I have been looking into probes and packetbeat seems to be the winner as its platform independent (unlike fprobe) and free (unlike nprobe).
It would be awesome if it could be wired into elastiflow.
PS: thank you for elastiflow.