robcowart / elastiflow

Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack

netflow #654

Closed jim091418 closed 3 years ago

jim091418 commented 3 years ago

I have installed ElastiFlow, but I can't see any data. Will ElastiFlow generate NetFlow itself, or do I need to install another plugin?

robcowart commented 3 years ago

Netflow, IPFIX and sFlow are technologies that network devices, such as switches and routers, use to provide information about the network traffic flowing through them. Your network devices must support one of these technologies, and they must be configured to forward records to ElastiFlow.

jim091418 commented 3 years ago

I don't have a Cisco router; can I use fprobe instead?

robcowart commented 3 years ago

I am not familiar with fprobe, however if it exports flow records as either Netflow v5 or v9, IPFIX or sFlow, then it should work.
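The answer above turns on one thing: whatever probe you use, the datagrams arriving at ElastiFlow must be NetFlow v5, NetFlow v9, IPFIX or sFlow. The quickest way to confirm that is to look at the version field at the start of each UDP payload. The following is an added example, not code from ElastiFlow or from anyone in this thread: it encodes a NetFlow v5 datagram from constructed flow records, decodes it back, and classifies an arbitrary payload by its leading version word (v5 and v9 use a 16-bit version, IPFIX is version 10, sFlow uses a 32-bit version word). The flow values, interface numbers and the `send_udp` helper are assumptions for illustration.

```python
"""Build, decode and classify flow-export datagrams (added example, not ElastiFlow code)."""
import ipaddress
import socket
import struct
import sys

# NetFlow v5 header (24 bytes) and flow record (48 bytes), network byte order.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

# Constructed sample flows (hypothetical hosts and ports).
SAMPLE_FLOWS = [
    {"src": "10.0.0.1", "dst": "10.0.0.2", "packets": 3, "bytes": 180,
     "first_ms": 1000, "last_ms": 1200, "sport": 40000, "dport": 443,
     "proto": 6, "tcp_flags": 0x18},
    {"src": "192.168.1.10", "dst": "8.8.8.8", "packets": 1, "bytes": 76,
     "first_ms": 1500, "last_ms": 1500, "sport": 53210, "dport": 53,
     "proto": 17},
]


def build_v5_datagram(flows, uptime_ms, unix_secs, sequence=0):
    """Encode a list of flow dicts as one NetFlow v5 export datagram."""
    header = V5_HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0, sequence, 0, 0, 0)
    body = b""
    for f in flows:
        body += V5_RECORD.pack(
            ipaddress.ip_address(f["src"]).packed,
            ipaddress.ip_address(f["dst"]).packed,
            b"\x00" * 4,                          # next hop (unused here)
            f.get("in_if", 0), f.get("out_if", 0),
            f["packets"], f["bytes"],
            f["first_ms"], f["last_ms"],
            f["sport"], f["dport"],
            0,                                    # pad1
            f.get("tcp_flags", 0), f["proto"], 0, # tcp_flags, proto, tos
            0, 0,                                 # src_as, dst_as
            0, 0,                                 # src_mask, dst_mask
            0,                                    # pad2
        )
    return header + body


def classify_datagram(data):
    """Identify the export format from the first bytes of a UDP payload."""
    if len(data) < 4:
        return "too-short"
    v16 = struct.unpack("!H", data[:2])[0]
    v32 = struct.unpack("!I", data[:4])[0]
    if v16 == 5 and len(data) >= V5_HEADER.size:
        return "netflow-v5"
    if v16 == 9:
        return "netflow-v9"
    if v16 == 10:
        return "ipfix"
    if v32 == 5:          # sFlow v5 begins with a 32-bit version word: 00 00 00 05
        return "sflow-v5"
    return "unknown"


def parse_v5(data):
    """Decode a NetFlow v5 datagram; raises ValueError on version/length mismatch."""
    version, count, uptime, secs, _nsecs, seq, _et, _eid, _samp = V5_HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field {version})")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(data) != expected:
        raise ValueError(f"length {len(data)} != {expected} for {count} records")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(ipaddress.ip_address(r[0])), "dst": str(ipaddress.ip_address(r[1])),
            "in_if": r[3], "out_if": r[4], "packets": r[5], "bytes": r[6],
            "first_ms": r[7], "last_ms": r[8], "sport": r[9], "dport": r[10],
            "tcp_flags": r[12], "proto": r[13],
        })
    return {"version": version, "count": count, "sys_uptime_ms": uptime,
            "unix_secs": secs, "flow_sequence": seq, "flows": flows}


def send_udp(data, host, port=2055):
    """Fire one datagram at a collector (hypothetical helper for a loopback test)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, (host, port))


if __name__ == "__main__":
    dg = build_v5_datagram(SAMPLE_FLOWS, uptime_ms=5000, unix_secs=1606900000, sequence=7)
    print(classify_datagram(dg), parse_v5(dg)["count"], "records")
    if len(sys.argv) > 1:            # python3 this.py <collector-host> sends it to UDP/2055
        send_udp(dg, sys.argv[1])
```

Pointing `classify_datagram` at payloads captured with `tcpdump -i any -n udp port 2055 -w flows.pcap` tells you whether the probe is really speaking one of the four supported formats; note that v9 and IPFIX records cannot be decoded by any collector until the exporter has also sent the matching template.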

jim091418 commented 3 years ago

I used nprobe to solve the NetFlow problem, but I still can't see any NetFlow sent to Elasticsearch. I used tcpdump to confirm that port 2055 has data and that Logstash has started normally. I don't know why Logstash can't capture the data.

jim091418 commented 3 years ago

logstash log

```
[2020-12-02T21:21:36,837][WARN ][logstash.inputs.udp ][elastiflow][b29c66acbc6f0b656fa019556e1df2074d46b658fc11039ddf663bf7c2a24924] Unable to set receive_buffer_bytes to desired size. Requested 33554432 but obtained 212992 bytes.
[2020-12-02T21:21:36,839][WARN ][logstash.inputs.udp ][elastiflow][5d70c3f0246038122337436a865cb614935b259d87c138538d7d891f5f3e21f7] Unable to set receive_buffer_bytes to desired size. Requested 33554432 but obtained 212992 bytes.
[2020-12-02T21:21:36,839][INFO ][logstash.inputs.udp ][elastiflow][b29c66acbc6f0b656fa019556e1df2074d46b658fc11039ddf663bf7c2a24924] UDP listener started {:address=>"0.0.0.0:4739", :receive_buffer_bytes=>"212992", :queue_size=>"4096"}
[2020-12-02T21:21:36,840][WARN ][logstash.inputs.udp ][elastiflow][20d857d994b054790dea8b96ec5f30a2cfc1505d7866ad85f88345e30fc2c233] Unable to set receive_buffer_bytes to desired size. Requested 33554432 but obtained 212992 bytes.
[2020-12-02T21:21:36,842][INFO ][logstash.inputs.udp ][elastiflow][20d857d994b054790dea8b96ec5f30a2cfc1505d7866ad85f88345e30fc2c233] UDP listener started {:address=>"0.0.0.0:6343", :receive_buffer_bytes=>"212992", :queue_size=>"4096"}
[2020-12-02T21:21:36,841][INFO ][logstash.inputs.udp ][elastiflow][5d70c3f0246038122337436a865cb614935b259d87c138538d7d891f5f3e21f7] UDP listener started {:address=>"0.0.0.0:2055", :receive_buffer_bytes=>"212992", :queue_size=>"4096"}
[2020-12-02T21:21:36,937][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
```
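Two facts in that log matter for the "no data" question: the UDP inputs did bind (0.0.0.0:2055, 4739 and 6343), and every socket got only 212992 bytes of receive buffer instead of the 33554432 requested, which on Linux means the kernel capped SO_RCVBUF at `net.core.rmem_max`. The following is an added example, not part of ElastiFlow or posted by anyone in the thread: it pulls those two facts out of Logstash `logstash.inputs.udp` lines and reports whether the expected port is listening and what `rmem_max` has to be raised to. The sample lines are the ones from the log above with the input ids abbreviated; the function names are my own.

```python
"""Check Logstash UDP-input startup lines for binding and buffer problems
(added example, not ElastiFlow code)."""
import re

# Lines copied from the Logstash log in this issue, input ids shortened for readability.
SAMPLE_LOG = """\
[2020-12-02T21:21:36,837][WARN ][logstash.inputs.udp ][elastiflow][b29c66ac] Unable to set receive_buffer_bytes to desired size. Requested 33554432 but obtained 212992 bytes.
[2020-12-02T21:21:36,839][WARN ][logstash.inputs.udp ][elastiflow][5d70c3f0] Unable to set receive_buffer_bytes to desired size. Requested 33554432 but obtained 212992 bytes.
[2020-12-02T21:21:36,839][INFO ][logstash.inputs.udp ][elastiflow][b29c66ac] UDP listener started {:address=>"0.0.0.0:4739", :receive_buffer_bytes=>"212992", :queue_size=>"4096"}
[2020-12-02T21:21:36,840][WARN ][logstash.inputs.udp ][elastiflow][20d857d9] Unable to set receive_buffer_bytes to desired size. Requested 33554432 but obtained 212992 bytes.
[2020-12-02T21:21:36,842][INFO ][logstash.inputs.udp ][elastiflow][20d857d9] UDP listener started {:address=>"0.0.0.0:6343", :receive_buffer_bytes=>"212992", :queue_size=>"4096"}
[2020-12-02T21:21:36,841][INFO ][logstash.inputs.udp ][elastiflow][5d70c3f0] UDP listener started {:address=>"0.0.0.0:2055", :receive_buffer_bytes=>"212992", :queue_size=>"4096"}
[2020-12-02T21:21:36,937][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
"""

LISTENER_RE = re.compile(
    r'UDP listener started \{:address=>"([^":]+):(\d+)", :receive_buffer_bytes=>"(\d+)"')
BUFFER_WARN_RE = re.compile(r"Requested (\d+) but obtained (\d+) bytes")


def parse_udp_inputs(log_text):
    """Collect started listeners and the largest requested/obtained buffer sizes."""
    listeners = []
    requested, obtained = None, None
    for line in log_text.splitlines():
        m = LISTENER_RE.search(line)
        if m:
            listeners.append((m.group(1), int(m.group(2)), int(m.group(3))))
            continue
        m = BUFFER_WARN_RE.search(line)
        if m:
            req, got = int(m.group(1)), int(m.group(2))
            requested = req if requested is None else max(requested, req)
            obtained = got if obtained is None else min(obtained, got)
    return {"listeners": listeners, "requested": requested, "obtained": obtained}


def check_collector(log_text, expected_port):
    """Answer the two questions a 'no flows arriving' ticket needs answered first."""
    info = parse_udp_inputs(log_text)
    bound = [l for l in info["listeners"] if l[1] == expected_port]
    shortfall = (info["requested"] is not None and info["obtained"] is not None
                 and info["obtained"] < info["requested"])
    return {
        "listening": bool(bound),
        "bind_address": bound[0][0] if bound else None,
        "buffer_shortfall": shortfall,
        # SO_RCVBUF is capped by net.core.rmem_max; raise it to what Logstash asked for.
        "rmem_max_needed": info["requested"] if shortfall else None,
    }


def sysctl_fix(result):
    """Render the sysctl line to apply (and persist under /etc/sysctl.d) for the shortfall."""
    if not result["buffer_shortfall"]:
        return None
    return f"net.core.rmem_max={result['rmem_max_needed']}"


if __name__ == "__main__":
    r = check_collector(SAMPLE_LOG, 2055)
    print(r)
    print(sysctl_fix(r))
```

For the log above this reports that 2055 is bound on all interfaces, so the missing data is not a binding problem, and that `sysctl -w net.core.rmem_max=33554432` is needed before the 32 MiB buffer can be granted (212992 is the stock Linux default). A too-small buffer only causes drops under load, visible as receive errors in `netstat -su`, so it does not by itself explain seeing nothing. Two things tcpdump cannot rule out are worth checking next: packets are captured before netfilter processes them, so a host firewall rule can still drop them on the way to Logstash, and NetFlow v9/IPFIX records produce no events until the exporter's template has been received.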

jim091418 commented 3 years ago

[netstat screenshot]