Hi Luca,

Could you look into my answers below to your questions? Thanks!

Or let me change my question to this:
1. What data in ntopng can be exported? Apart from flow data, can history
statistics be exported?

2. How to export these data?

3. What is the export format? JSON?

Any advice or comment will be highly appreciated!

Many thanks!

Regards,
John
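
One concrete way to do what this thread is asking for, written as an added example (not ntopng's or Logstash's own code): read an ntopng-style JSON flow dump line by line, normalise each record into a flat event with an `@timestamp`, and ship it as newline-delimited JSON to a Logstash TCP input. The flow field names (`IPV4_SRC_ADDR`, `L4_SRC_PORT`, `IN_BYTES`, `FIRST_SWITCHED`, ...) are an assumption modelled on nProbe/ntopng-style keys and must be checked against what your own `-F` dump produces; the sample records, the `type` value and the port 5000 are likewise constructed for the example.

```python
"""Ship ntopng-style JSON flow records to Logstash as newline-delimited JSON.

Added example, not ntopng or Logstash code. The record schema below is an
ASSUMPTION (nProbe/ntopng-style keys); verify it against a real -F dump.
"""
import json
import socket
import sys
from datetime import datetime, timezone

# Constructed sample dump: two flow records plus one junk line that a real
# tail of a file could well contain (partial write, log noise). Assumed schema.
SAMPLE_FLOWS = """\
{"IPV4_SRC_ADDR":"192.168.1.10","IPV4_DST_ADDR":"93.184.216.34","L4_SRC_PORT":51234,"L4_DST_PORT":443,"PROTOCOL":6,"L7_PROTO_NAME":"SSL","IN_BYTES":4210,"OUT_BYTES":98231,"IN_PKTS":40,"OUT_PKTS":80,"FIRST_SWITCHED":1388649600,"LAST_SWITCHED":1388649660}
{"IPV4_SRC_ADDR":"192.168.1.11","IPV4_DST_ADDR":"8.8.8.8","L4_SRC_PORT":40001,"L4_DST_PORT":53,"PROTOCOL":17,"L7_PROTO_NAME":"DNS","IN_BYTES":64,"OUT_BYTES":120,"IN_PKTS":1,"OUT_PKTS":1,"FIRST_SWITCHED":1388649601,"LAST_SWITCHED":1388649601}
this line is not json and must be skipped, not crash the shipper
"""

# IANA protocol numbers for the few L4 protocols a flow record usually carries.
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def flow_to_event(flow):
    """Map one flow record (assumed schema) to a flat Logstash event.

    @timestamp is taken from LAST_SWITCHED (flow end, UTC) so Elasticsearch
    indexes the flow at the time it was actually finished, not at ship time.
    """
    first = int(flow["FIRST_SWITCHED"])
    last = int(flow["LAST_SWITCHED"])
    proto = int(flow["PROTOCOL"])
    return {
        "@timestamp": datetime.fromtimestamp(last, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "type": "ntopng_flow",           # assumed type tag, used for routing in Logstash
        "src_ip": flow["IPV4_SRC_ADDR"],
        "dst_ip": flow["IPV4_DST_ADDR"],
        "src_port": int(flow["L4_SRC_PORT"]),
        "dst_port": int(flow["L4_DST_PORT"]),
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "app": flow.get("L7_PROTO_NAME", "unknown"),
        "bytes": int(flow["IN_BYTES"]) + int(flow["OUT_BYTES"]),
        "pkts": int(flow["IN_PKTS"]) + int(flow["OUT_PKTS"]),
        "duration": last - first,        # seconds
    }


def parse_dump(text):
    """Parse a JSON-lines dump; skip blank, malformed or incomplete lines instead of aborting."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            events.append(flow_to_event(json.loads(line)))
        except (ValueError, KeyError, TypeError) as exc:
            # ValueError covers json.JSONDecodeError; KeyError/TypeError cover schema drift.
            print(f"skipping line {lineno}: {exc}", file=sys.stderr)
    return events


def render_lines(events):
    """Serialise events as newline-delimited JSON, one event per line."""
    return "".join(json.dumps(e, sort_keys=True) + "\n" for e in events)


def ship(events, host="127.0.0.1", port=5000, timeout=5.0):
    """Send events to a Logstash tcp input (assumed host/port); returns events sent."""
    payload = render_lines(events).encode("utf-8")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
    return len(events)


if __name__ == "__main__":
    # Stand-alone run: parse the constructed sample and show what would go on the wire.
    print(render_lines(parse_dump(SAMPLE_FLOWS)), end="")
```

On the Logstash side this pairs with a `tcp` input using the `json_lines` codec, since each event is one JSON object terminated by a newline; the `type` field is there so a filter or output can be conditioned on `[type] == "ntopng_flow"`. To run it against a live dump, replace `SAMPLE_FLOWS` with the lines read from the file ntopng writes and call `ship()` on the parsed events in a loop; the malformed-line handling in `parse_dump` is what keeps a half-written record from killing the shipper.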


---------- Forwarded message ----------
From: John Zhang <[email protected]>
Date: 2014/1/3
Subject: Re: [Ntop-misc] ntopng export data
To: "[email protected]" <[email protected]>


Hi Luca,

Please see my answers below:
- do you want to feed logstash flow dumps?
A: I want to send ntopng flow and history statistics to logstash
regularly.

- how can ntopng send logstash such data?
A: I have no clear idea; maybe a script through the ntop API, RRD files, etc.

Thanks!

Best regards,

John


2014/1/2 Luca Deri <[email protected]>

> John,
> ntopng can export flows in JSON as it dumps them on a DB with -F. So I
> have JSON. Now the questions are:
> - do you want to feed logstash flow dumps?
> - how can ntopng send logstash such data?
>
> Please elaborate and I will see how I can assist you
>
> Regards Luca
>
> On 02 Jan 2014, at 08:02, John Zhang <[email protected]> wrote:
>
> Hi Luca,
>
> Let me explain the architecture of my SIEM, may be helpful:
>
> Logstash + elasticsearch
>
> Logstash: Log shipper, log parsing and conversion
> elasticsearch: log index and search engine
>
> Its architecture is like the drawing in this page
> http://logstash.net/docs/1.3.2/tutorials/getting-started-centralized
>
> Since Logstash supports lots of inputs and outputs, it doesn't need a special
> format for the fed log; of course, JSON is a good option.
>
> What I want is: to be able to feed the ntopng data into Logstash in near real
> time; some delay is also fine.
>
> Thanks!
>
> Best regards,
>
> John
>
>
> 2013/12/31 Luca Deri <[email protected]>
>
>> John,
>> let me ask another question instead. What format do you need in your
>> SIEM? Please make an example
>>
>> Regards Luca
>>
>> On 31 Dec 2013, at 07:55, John Zhang <[email protected]> wrote:
>>
>> Hi everyone,
>>
>> My SIEM is Logstash + elasticsearch, and I want to add the data of ntopng
>> to my SIEM. So my big problem is: how do I export data from ntopng into Logstash?
>>
>> Any suggestion, comment, or reference will be highly appreciated!
>>
>> Thanks!
>>
>> Best regards,
>>
>> John
>>  _______________________________________________
>> Ntop-misc mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>