Recently, when I was working on a network problem, I discovered strange behavior in how Kibana parses the NetFlow docs.
I was looking for a top communication on the network and I noticed communication between host A and host B that stands out by a big factor.
When I checked the dashboard, Kibana was saying that the communication was from host A to B.
But when I checked the flow on the BGP router, I saw that the communication was from B to A.
Another strange thing is that when I wanted to look by specifying the correct source address.
This is the output.
This is the output that shows the flow but in a direction that is not true.
I am sure that this problem is related to a lot of NAT that is happening.
The source host is being and as well as the destination host.
How can I debug this? So Elasticsearch does now show me the flow that is in the wrong direction?
The flow is sent from an ASA device and the hosts are behind a VPN.