Hi all, I'm using nprobe to collect Netflow v9 from my Cisco ASR1001 and export it to Elasticsearch. It seems to be working well - certainly a lot better than using logstash's netflow codec.
However, when I query elasticsearch, the EXPORTER_IPV4_ADDRESS variable is reporting the IP address of my nprobe server, not the IP of the router that actually generated the flow. How do I send the IP address of the router that sourced the flow in to elasticsearch? I'm calling nprobe as such: nprobe --daemon --collector none --interface none --flow-version 9 --json-labels --elastic flows;nprobe-%Y.%m.%d;http://127.0.0.1:9200/_bulk; --collector-port 2055 --verbose 1 --syslog nprobe-rtrx" Thanks for your help. -- Paul Haggart - Sr. System Administrator, Storm Internet Services o: +1 613 567-6585 x226 e: [email protected] _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
