Fantastic Mike, look forward to some writing of your solution.

Paolo

On Sun, Mar 04, 2018 at 02:35:30PM -0600, Mike Hammett wrote:
> I'm nearing completion of what I'm looking for. Once I get the last few kinks
> ironed out, I'll work on cleaning up my install and hopefully putting
> together a new blog post\guide on how to do what I did.
>
> Netflow data with ASNs (extra work because Mikrotik) is making it into
> Elasticsearch and Kibana sees the index and the fields in it. I imported a
> dashboard from somewhere that relied on some different values than I'm
> currently pushing from pmacct. Hopefully I can get all that stuff to mesh.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest Internet Exchange
> http://www.midwest-ix.com
>
> ----- Original Message -----
>
> From: "Mike Hammett" <[email protected]>
> To: "Paolo Lucente" <[email protected]>, [email protected]
> Sent: Saturday, March 3, 2018 4:34:15 PM
> Subject: Re: [pmacct-discussion] pmacct + ELK made easy?
>
> Perhaps I should back up and request a beginners guide to pmacct. Most of
> what I've read today has largely assumed you already know what you're doing.
> I haven't found a good from the ground-up setup guide.
>
> I generally prefer installing whatever package is in the distro's repository
> to make upgrades and dependencies easier, but it seems like pmacct has
> limited plugin packages. Strangely, it seems like Debian is more current than
> Ubuntu at the moment (1.6.1 vs. 1.5.2). Anyway, I digress.
>
> So what do I need to do to get to that point?
>
> Download and extract the tar.
> I'm not sure which plugins I need to enable at compilation as I'm not sure
> where I'm sending the data. So far I've gone forward with just jansson, which
> may not even be needed, I don't know.
>
> I have it collecting promiscuously on the Ethernet port for now, putting it
> into memory.
>
> I should probably make sure my netflow config works correctly as well.
>
> Where am I putting the BGP configuration? Right into the netflow config file
> as that's the traffic data I intend to ingest?
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest Internet Exchange
> http://www.midwest-ix.com
>
> ----- Original Message -----
>
> From: "Paolo Lucente" <[email protected]>
> To: [email protected]
> Sent: Saturday, March 3, 2018 10:13:08 AM
> Subject: Re: [pmacct-discussion] pmacct + ELK made easy?
>
> Anthony is correct. The incarnation of that blog entry about pmacct +
> ELK is the pmacct-to-elasticsearch project that you can find on GitHub:
>
> https://github.com/pierky/pmacct-to-elasticsearch
>
> Also here you can find a guide on how to integrate pmacct with InfluxDB
> (on top of the same blog entry that Anthony already referenced about
> ELK):
>
> https://github.com/pmacct/pmacct/wiki/External-Links
>
> Paolo
>
> On Sat, Mar 03, 2018 at 03:30:38PM +0000, Anthony Caiafa wrote:
> > It seems you can probably build one based off these two
> >
> > https://blog.pierky.com/integration-of-pmacct-with-elasticsearch-and-kibana/
> >
> > https://blogs.cisco.com/security/step-by-step-setup-of-elk-for-netflow-analytics
> >
> > I am sure with a little more googling you’ll be able to find something
> > or put a post together.
> >
> > On Sat, Mar 3, 2018 at 9:12 AM Jon Nistor <[email protected]> wrote:
> >
> > > That would be really awesome if there were a guide :>
> > >
> > > From: Mike Hammett <[email protected]>
> > > <[email protected]>
> > > Reply: [email protected] <[email protected]>
> > > <[email protected]>
> > > Date: March 3, 2018 at 9:03:00 AM
> > > To: [email protected] <[email protected]>
> > > <[email protected]>
> > > Subject: [pmacct-discussion] pmacct + ELK made easy?
> > >
> > > Anyone know of a good A - Z pmacct - ELK stack guide? Debian preferred,
> > > but not required.
> > >
> > > -----
> > > Mike Hammett
> > > Intelligent Computing Solutions
> > > http://www.ics-il.com
> > > Midwest Internet Exchange
> > > http://www.midwest-ix.com
> > > _______________________________________________
> > > pmacct-discussion mailing list
> > > http://www.pmacct.net/#mailinglists
