Hi,
I'm working on a solution with nProbe in proxy mode in order to receive NetFlow data from routers and then export the analyzed information to Elasticsearch. It's working well, but I haven't succeeded in getting geolocation of the public src/dst IPs. I can see the country and city in the JSON export with the use of MaxMind data files. I also configured the JSON template mapping for nProbe. So all is working well, but no GPS coordinates appear anywhere.

I tried with ntopng under the same conditions (with the MaxMind file) and it works well. Kibana is able to receive the GPS coordinates in the right format. So I don't understand the difference in the export format between these two pieces of software. The same goes for the AS name: it doesn't work in nProbe but works fine in ntopng. ntopng is not able to export the L4 protocol name and in general exports far less information than nProbe to Elasticsearch.

I read that we can send JSON data directly from nProbe to ELK, but if so I need to use Logstash. I don't think that's the solution, as Logstash can be used by itself to read NetFlow traffic and process the information to translate IPs to geolocation, AS numbers to names, etc.

Thank you,
Christophe
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
