Scott the exploit plugin allows you to push data to ELK natively, otherwise you can use —syslog option in nProbe and put flows in syslog that are then imported via tools like Flume
Cheers Luca > On 18 Sep 2017, at 21:08, Scott C. Fertig <[email protected]> wrote: > > Excellent! I have it setup and it appears to be working properly now. One > last question, in the tutorial it mentions: > > "If you enable in ntopng the export to ElasticSearch and/or MySQL, you can > dump call information persistently on a database or use Kibana to create a > dashboard about VoIP calls" > > I'd really like to get the statistics into elasticsearch as well, for this > part do I just run a second instance of ntopng to put the data into elastic > search as outlined at > http://www.ntop.org/ntopng/exploring-your-traffic-using-ntopng-with-elasticsearchkibana/ > > <http://www.ntop.org/ntopng/exploring-your-traffic-using-ntopng-with-elasticsearchkibana/> > ? > > > Sorry for so many questions and going off topic, I am just eager to get this > all setup. > > > Thanks! > -- > Scott C. Fertig > On 09/18/2017 02:10 PM, Luca Deri wrote: >> Scott >> ass you have should be enough. Please have a look at this tutorial >> http://www.ntop.org/nprobe/monitoring-voip-traffic-with-nprobe-and-ntopng/ >> <http://www.ntop.org/nprobe/monitoring-voip-traffic-with-nprobe-and-ntopng/> >> >> Regards Luca >> >>> On 18 Sep 2017, at 20:07, Scott C. Fertig <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Thanks Luca, >>> I am thinking about just using nprobe, along with ntopng for monitoring >>> voip traffic instead. As of right now I only have nprobe pro with the >>> sip/rtp plugin purchased. Is there any other plugins or applications I need >>> to purchase to monitor rtp/sip traffic with ntopng? Will the ntopng >>> community version be enough for this? I will be monitoring 1 system with >>> about maybe 10 concurrent calls max so I aws not sure. >>> >>> Thanks! >>> -- >>> Scott C. Fertig >>> On 09/18/2017 09:15 AM, Luca Deri wrote: >>>> Scott, >>>> nprobe no longer supports the HEP protocol thus all the —hep extensions >>>> are not supported >>>> >>>> Regards Luca >>>> >>>>> On 18 Sep 2017, at 14:27, Scott C. Fertig <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> >>>>> Sorry to dig this back up but in the example from the sipcapture github >>>>> it shows ntop using at --hep flag, but it does not look like that is a >>>>> actual flag so I am a little confused. Is this no longer a supported >>>>> option or does nprobe need to be compiled manually to get this? >>>>> >>>>> https://github.com/sipcapture/homer/wiki/Examples:-nProbe >>>>> <https://github.com/sipcapture/homer/wiki/Examples:-nProbe> >>>>> >>>>> >>>>> nprobe -T "%IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT >>>>> %L7_PROTOCOL %SIP_CALL_ID" --redis 127.0.0.1 --drop-flow-no-plugin -i any >>>>> -b 0 -t 60 --json-labels --hep {hep_server}:{hep_port} --hep-auth >>>>> {hep_id}:{hep_auth} -G >>>>> >>>>> >>>>> -- >>>>> Scott C. Fertig >>>>> >>>>> >>>>> >>>>> >>>>> On 09/15/2017 03:06 PM, Luca Deri wrote: >>>>>> Hi Scott, >>>>>> >>>>>>> On 15 Sep 2017, at 18:23, Scott C. Fertig <[email protected] >>>>>>> <mailto:[email protected]>> wrote: >>>>>>> >>>>>>> I actually was able to remove mysql-community and install mariadb 10, >>>>>>> which seems to work fine, then I was able to install nprobe. I just >>>>>>> have a couple questions I'm wondering if anyone can answer. >>>>>>> >>>>>>> With the sip/rtp plugin do I need to generate a license for this? I've >>>>>>> already generated my nprobe license so I was not sure, the email from >>>>>>> the store gave me a link to the repos page with normal install >>>>>>> instructions. >>>>>> yes you need the VoIP plugin license in addition to the nProbe Pro >>>>>> license that you array have >>>>>> >>>>>>> Can anyone provide a example of dumping sip/rtp traffic to HEP/Homer? I >>>>>>> know this may be more of a question for the Sipcapture people, but I >>>>>>> thought I might ask here to see if anyone was familiar with it. I found >>>>>>> a example on their wiki but it looks out of date. >>>>>> I am not familiar with Homer unfortunately >>>>>> >>>>>> Regards Luca >>>>>> >>>>>>> Thanks! >>>>>>> >>>>>>> -- >>>>>>> Scott C. Fertig >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 09/14/2017 08:27 PM, Scott C. Fertig wrote: >>>>>>>> Actually I just realized that I need mysql-community-libs because I >>>>>>>> need mysql 5.7+ with homer, if I remove mysql-community-libs then I >>>>>>>> won’t get 5.7 from mariadb it looks like, plus it removes quite a few >>>>>>>> other packages. Will I be able to compile nprobe instead? >>>>>>>> >>>>>>>> --Scott >>>>>>>> >>>>>>>> <> >>>>>>>> From: [email protected] >>>>>>>> <mailto:[email protected]> >>>>>>>> [mailto:[email protected] >>>>>>>> <mailto:[email protected]>] On Behalf Of Scott C. >>>>>>>> Fertig >>>>>>>> Sent: Thursday, September 14, 2017 6:31 PM >>>>>>>> To: Luca Deri <[email protected]> <mailto:[email protected]>; [email protected] >>>>>>>> <mailto:[email protected]> >>>>>>>> Subject: Re: [Ntop] Help with nprobe and nprobe sip/rtp plugin install >>>>>>>> >>>>>>>> Luca >>>>>>>> I think I needed mysql-community-libs for kamailio, but I will remove >>>>>>>> it and try to install Nprobe. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Sent from my Verizon, Samsung Galaxy Edge 7 smartphone >>>>>>>> >>>>>>>> -------- Original message -------- >>>>>>>> From: Luca Deri <[email protected] <mailto:[email protected]>> >>>>>>>> Date: 9/14/17 5:26 PM (GMT-05:00) >>>>>>>> To: [email protected] <mailto:[email protected]> >>>>>>>> Cc: "Scott C. Fertig" <[email protected] >>>>>>>> <mailto:[email protected]>> >>>>>>>> Subject: Re: [Ntop] Help with nprobe and nprobe sip/rtp plugin install >>>>>>>> >>>>>>>> Scott >>>>>>>> how dod you install the software? >>>>>>>> >>>>>>>> please do remove what you have installed and do >>>>>>>> >>>>>>>> yum update >>>>>>>> yum install nprobe >>>>>>>> >>>>>>>> >>>>>>>> Regards Luca >>>>>>>> > On 14 Sep 2017, at 22:22, Scott C. Fertig <[email protected] >>>>>>>> > <mailto:[email protected]>> wrote: >>>>>>>> > >>>>>>>> > Hello, >>>>>>>> > Sorry if this is a duplicate message, the first message I sent was >>>>>>>> > from a email address that is not subscribed to the list. I just >>>>>>>> > purchased nprobe pro with the sip/rtp plugin and am trying to >>>>>>>> > install on a Centos 7 system which has homer sipcapture on it. When >>>>>>>> > trying to install the RPM or installing from the repo I get >>>>>>>> > dependency issues that I cannot seem to work around: >>>>>>>> > >>>>>>>> > From trying to install the RPM: >>>>>>>> > >>>>>>>> > Error: Package: nprobe-8.1.170914-5884.x86_64 >>>>>>>> > (/nprobe-8.1.170914-5884.x86_64) >>>>>>>> > Requires: mariadb-libs >= 5.5.52 >>>>>>>> > Available: 1:mariadb-libs-5.5.56-2.el7.i686 (base) >>>>>>>> > mariadb-libs = 1:5.5.56-2.el7 >>>>>>>> > Error: Package: nprobe-8.1.170914-5884.x86_64 >>>>>>>> > (/nprobe-8.1.170914-5884.x86_64) >>>>>>>> > Requires: pfring = 6.7.0-1405 >>>>>>>> > Available: pfring-6.6.0-1401.x86_64 (ntop) >>>>>>>> > pfring = 6.6.0-1401 >>>>>>>> > You could try using --skip-broken to work around the problem >>>>>>>> > You could try running: rpm -Va --nofiles --nodigest >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > Package 1:mariadb-libs-5.5.56-2.el7.x86_64 is obsoleted by >>>>>>>> > mysql-community-libs-5.7.19-1.el7.x86_64 which is already installed >>>>>>>> > Nothing to do >>>>>>>> > >>>>>>>> > -- >>>>>>>> > Scott C. Fertig >>>>>>>> > >>>>>>>> > _______________________________________________ >>>>>>>> > Ntop mailing list >>>>>>>> > [email protected] <mailto:[email protected]> >>>>>>>> > http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>>> > <http://listgateway.unipi.it/mailman/listinfo/ntop> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Ntop mailing list >>>>>>>> [email protected] <mailto:[email protected]> >>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>>> <http://listgateway.unipi.it/mailman/listinfo/ntop> >>>>>>> _______________________________________________ >>>>>>> Ntop mailing list >>>>>>> [email protected] <mailto:[email protected]> >>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>> <http://listgateway.unipi.it/mailman/listinfo/ntop> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Ntop mailing list >>>>>> [email protected] <mailto:[email protected]> >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>> <http://listgateway.unipi.it/mailman/listinfo/ntop> >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] <mailto:[email protected]> >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> <http://listgateway.unipi.it/mailman/listinfo/ntop> >>>> >>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] <mailto:[email protected]> >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> <http://listgateway.unipi.it/mailman/listinfo/ntop> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] <mailto:[email protected]> >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> <http://listgateway.unipi.it/mailman/listinfo/ntop> >> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] <mailto:[email protected]> >> http://listgateway.unipi.it/mailman/listinfo/ntop >> <http://listgateway.unipi.it/mailman/listinfo/ntop> > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
