Is there a way to query/filter for just RFC Non-Compliant Traffic?

kanrab · June 7, 2021, 1:25pm

I was unable to come up with a come up with anything. Any ideas?

tsullivan · June 8, 2021, 9:25pm

Do you have firewall logs ingested in Elasticsearch? Do the logs have data regarding RFC Non-Compliance?

kanrab · June 15, 2021, 7:25pm

I am using Amazon's Elastiservice and only have access to Kibana. The logs state "Non-RFC Compliance", but I wasnt to view just those.

tsullivan · June 15, 2021, 8:14pm

Well, if you search for that data in Discover, there it will be

Topic		Replies	Views
Some devices(routers/firewall) logs are not coming in ELK Kibana Kibana	1	205	December 5, 2022
Kibana logs for tcp level blocked traffic Kibana kql-kibana-query-language	1	325	March 20, 2023
Firewall Logs Logstash	1	1308	May 25, 2016
Elasticsearch Filter query log Elasticsearch	0	343	September 23, 2019
Elasticsearch Security - Asking for Data Elastic Security	1	353	April 25, 2021