Hello everyone!
I'm trying to implement some traffic analysis with ELK.
For now, I have 2 options to choose from (well, AFAIK):
- using plain logs with the LOG iptables target;
- using plain logs with the ULOG/NFLOG iptables target and the ulogd2 daemon;
- using JSON logs with ULOG/NFLOG and ulogd2.
The problem is, log files for traffic accounting are huge, and the CPU load for
the combination of ulogd and logstash(-forwarder) is considerable.
To get rid of intermediate logs and agents, could we have an input plugin
for the NFLOG netfilter target?
It should be pretty similar to the tcp input plugin.
There is an nflog gem (http://rubygems.org/gems/nflog), a libnetfilter_log
wrapper.
Thank you.
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/08a4bc0c-d6d9-4e63-b1b7-8d8de6595bbd%40googlegroups.com.
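The core of the input plugin asked for above, whichever binding is used, is turning the raw packet that libnetfilter_log hands over into a structured event and then counting traffic per flow. The following is an added example written for this reply, not code from the original post, from Logstash or from the nflog gem: a standalone Ruby module that decodes an IPv4 header (plus TCP/UDP ports) into a flat hash and aggregates such hashes into per-flow packet and byte counters. The field names (src_ip, dest_ip, ip_protocol, dest_port, total_length) and the build_ipv4_packet helper that constructs sample packets are assumptions made here for illustration; the Logstash plugin scaffolding (LogStash::Inputs::Base, register/run(queue)) is deliberately left out so the block runs offline, and a real plugin would additionally attach the NFLOG log prefix and interface indexes it receives from libnetfilter_log.

```ruby
# Added example (not from the original post, Logstash or the nflog gem):
# decode raw IPv4 packets as delivered by NFLOG into event hashes and
# aggregate them per flow for traffic accounting.
require 'socket'
require 'ipaddr'

module NflogDecode
  # Protocol numbers a traffic-accounting pipeline most often sees.
  PROTO_NAMES = { 1 => 'icmp', 6 => 'tcp', 17 => 'udp' }.freeze

  # Decode an IPv4 packet payload (binary String) into event fields.
  # Returns nil for anything that is not a well-formed IPv4 header so the
  # caller can skip truncated or non-IPv4 packets instead of emitting junk.
  # Field names used here are an assumption, not a Logstash convention.
  def self.decode_ipv4(payload)
    return nil if payload.bytesize < 20
    vihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst =
      payload.unpack('CCnnnCCnNN')
    version = vihl >> 4
    ihl = (vihl & 0x0f) * 4 # header length in bytes
    return nil unless version == 4 && ihl >= 20 && payload.bytesize >= ihl

    event = {
      'ip_version'    => 4,
      'src_ip'        => IPAddr.new(src, Socket::AF_INET).to_s,
      'dest_ip'       => IPAddr.new(dst, Socket::AF_INET).to_s,
      'ip_protocol'   => proto,
      'protocol_name' => PROTO_NAMES.fetch(proto, 'other'),
      'ttl'           => ttl,
      'total_length'  => total_len
    }
    # TCP and UDP both carry source and destination port in the first four
    # bytes of their header, directly after the IP header.
    if [6, 17].include?(proto) && payload.bytesize >= ihl + 4
      sport, dport = payload.byteslice(ihl, 4).unpack('nn')
      event['src_port'] = sport
      event['dest_port'] = dport
    end
    event
  end

  # Sum packets and bytes per (src, dst, protocol, dest_port) flow key, the
  # reduction an accounting pipeline would do before shipping to Elasticsearch.
  def self.account(events)
    totals = Hash.new { |h, k| h[k] = { 'packets' => 0, 'bytes' => 0 } }
    events.compact.each do |ev|
      key = [ev['src_ip'], ev['dest_ip'], ev['protocol_name'], ev['dest_port']]
      totals[key]['packets'] += 1
      totals[key]['bytes'] += ev['total_length']
    end
    totals
  end

  # Constructed sample packet (assumed helper, for demonstration only): a
  # minimal IPv4 header, an 8-byte L4 header with the two ports, and
  # data_len bytes of zero padding. Checksums are left at zero.
  def self.build_ipv4_packet(src:, dst:, proto:, sport:, dport:, data_len: 0)
    l4 = [sport, dport, 0, 0].pack('nnnn')
    total_len = 20 + l4.bytesize + data_len
    header = [0x45, 0, total_len, 0, 0x4000, 64, proto, 0,
              IPAddr.new(src).to_i, IPAddr.new(dst).to_i].pack('CCnnnCCnNN')
    header + l4 + ("\x00".b * data_len)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample traffic: two HTTPS packets of one flow and one DNS query.
  packets = [
    NflogDecode.build_ipv4_packet(src: '10.0.0.5', dst: '192.0.2.10', proto: 6,
                                  sport: 44321, dport: 443, data_len: 100),
    NflogDecode.build_ipv4_packet(src: '10.0.0.5', dst: '192.0.2.10', proto: 6,
                                  sport: 44321, dport: 443, data_len: 200),
    NflogDecode.build_ipv4_packet(src: '10.0.0.5', dst: '10.0.0.1', proto: 17,
                                  sport: 51000, dport: 53, data_len: 40)
  ]
  events = packets.map { |p| NflogDecode.decode_ipv4(p) }
  NflogDecode.account(events).each { |key, t| puts "#{key.join(' ')} #{t}" }
end
```

In a real plugin, run(queue) would loop over packets from the NFLOG group, call decode_ipv4 on each payload, drop the nil results, and push the remaining hashes as events; the account step can stay client-side or be left to an aggregation in Elasticsearch.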