Uhm, this is strange. It looks like the detection is not always successful
on the same request. Can you capture a small pcap that causes that
particular event so we can reproduce and debug in our lab?
Regards,
Simone
On Mon, Oct 31, 2016 at 11:54 AM, Lutfi Oduncuoglu <
lutfioduncuo...@gmail.
Hello,
I tried to reproduce the situation.
Below you can see L7_PROTO_NAME=Unknown
{
  "_index": "nprobe-2016.10.27",
  "_type": "flows",
  "_id": "AVgGH5sfdkghXIQ1kFlQ",
  "_version": 1,
  "_score": 1.4142135,
  "_source": {
    "IN_BYTES": 816,
    "IN_PKTS": 6,
Hello Simone,
Actually it happens at random. I will try to produce a pcap today. Is it
ok if I create a pcap with tcpdump while capturing the flows?
Regards,
Lutfi
On Fri, Oct 28, 2016 at 12:27 PM, Simone Mainardi wrote:
> Hi,
>
> Please, explain how to reproduce. Enclose a pcap if you thi
Hi,
Please, explain how to reproduce. Enclose a pcap if you think it will help
as well.
Simone
On Fri, Oct 28, 2016 at 10:46 AM, Lutfi Oduncuoglu <
lutfioduncuo...@gmail.com> wrote:
> Hello,
>
> I am trying to get L7_PROTO_NAME with nprobe. I am using the nprobe as
> below
>
> nprobe -G -t 60
Hello,
I am trying to get L7_PROTO_NAME with nprobe. I am using the nprobe as below
nprobe -G -t 60 -d 15 --elastic "flows;nprobe-%Y.%m.%d;http://10.X.X.X:9200/_bulk" -i eth1 -T "%IN_BYTES %IN_PKTS %PROTOCOL
%L4_SRC_PORT %IPV4_SRC_ADDR %L4_DST_PORT %IPV4_DST_ADDR %SRC_AS %DST_AS
%OUT_BYTES %OU