John,
ntopng can export flows in JSON as it dumps them on a DB with -F. So I have JSON. Now the questions are:
- do you want to feed logstash flow dumps?
- how can ntopng send logstash such data?

Please elaborate and I will see how I can assist you

Regards Luca

On 02 Jan 2014, at 08:02, John Zhang <[email protected]> wrote:

> Hi Luca,
>
> Let me explain the architecture of my SIEM, which may be helpful:
>
> Logstash + elasticsearch
>
> Logstash: log shipper, log parsing and conversion
> elasticsearch: log index and search engine
>
> Its architecture is like the drawing on this page
> http://logstash.net/docs/1.3.2/tutorials/getting-started-centralized
>
> Since Logstash supports lots of inputs and outputs, it doesn't need a special
> format for the feed log; of course, JSON is a good option.
>
> What I want is: I can feed the ntopng data into Logstash in near real time,
> some delay is also fine.
>
> Thanks!
>
> Best regards,
>
> John
>
>
> 2013/12/31 Luca Deri <[email protected]>
> John,
> let me ask another question instead. What format do you need in your SIEM?
> Please make an example
>
> Regards Luca
>
> On 31 Dec 2013, at 07:55, John Zhang <[email protected]> wrote:
>
>> Hi everyone,
>>
>> My SIEM is Logstash + elasticsearch, and I want to add the data of ntopng to
>> my SIEM. So my big problem is: How do I export data of ntopng into Logstash?
>>
>> Any suggestion, comment, or reference will be highly appreciated!
>>
>> Thanks!
>>
>> Best regards,
>>
>> John
>> _______________________________________________
>> Ntop-misc mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
