I'm trying to implement some traffic analysis with ELK.
For now, I have 2 options to choose from (well, AFAIK):
- using plain logs with LOG iptables target;
- using plain logs with ULOG/NFLOG iptables target and ulogd2 daemon;
- using json logs with ULOG/NFLOG and ulogd2.
The problem is, log files for traffic accounting are huge, and CPU load for
combining ulogd+logstash(-forwarder) is considerable.
To get rid of intermediate logs and agents, could we have an input plugin
for NFLOG netfilter target?
It should be pretty similar to tcp input plugin.
There is an nflog gem, http://rubygems.org/gems/nflog, libnetfilter_log
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/08a4bc0c-d6d9-4e63-b1b7-8d8de6595bbd%40googlegroups.com.
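As an added illustration of the log-volume problem raised in the post (this is not code from the poster, nor from Logstash or ulogd2): the per-packet JSON records that ulogd2's JSON output plugin writes for an NFLOG group can be collapsed into per-flow packet and byte counters before anything is shipped to Elasticsearch, which is usually what traffic accounting needs anyway. The field names used below (`src_ip`, `dest_ip`, `ip.protocol`, `raw.pktlen`, `oob.prefix`, `dvc`, `timestamp`) are assumed from ulogd2's JSON plugin; the sample lines, addresses and sizes are constructed, and the last line is deliberately truncated to exercise the error path.

```python
import json

# Constructed sample input in the shape of ulogd2's JSON output plugin
# (one JSON object per line). Field names are assumed from ulogd2's JSON
# plugin; addresses, ports and sizes are made up. The fourth line is
# deliberately truncated to show how a malformed record is handled.
SAMPLE_LINES = [
    '{"timestamp":"2014-03-01T10:00:00","dvc":"fw1","oob.prefix":"acct",'
    '"src_ip":"10.0.0.5","dest_ip":"93.184.216.34","ip.protocol":6,'
    '"src_port":51234,"dest_port":443,"raw.pktlen":1500}',
    '{"timestamp":"2014-03-01T10:00:01","dvc":"fw1","oob.prefix":"acct",'
    '"src_ip":"10.0.0.5","dest_ip":"93.184.216.34","ip.protocol":6,'
    '"src_port":51234,"dest_port":443,"raw.pktlen":60}',
    '{"timestamp":"2014-03-01T10:00:02","dvc":"fw1","oob.prefix":"acct",'
    '"src_ip":"10.0.0.9","dest_ip":"10.0.0.1","ip.protocol":17,'
    '"src_port":40000,"dest_port":53,"raw.pktlen":80}',
    '{"timestamp":"2014-03-01T10:00:03","dvc":"fw1","src_ip":"10.0.0.9",',
]

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
REQUIRED = ("src_ip", "dest_ip", "ip.protocol", "raw.pktlen")


def parse_line(line):
    """Parse one JSON line; return None for malformed or incomplete records."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not all(k in rec for k in REQUIRED):
        return None
    return rec


def flow_key(rec):
    """Flow identity for accounting: device, src, dst, protocol, destination port.

    The ephemeral source port is dropped so that retries from the same client
    to the same service fold into one counter.
    """
    proto = PROTO_NAMES.get(rec["ip.protocol"], str(rec["ip.protocol"]))
    return (rec.get("dvc", ""), rec["src_ip"], rec["dest_ip"], proto,
            rec.get("dest_port", 0))


def aggregate(lines):
    """Collapse per-packet records into per-flow packet and byte counters.

    Returns (flows, dropped): flows maps a flow key to a dict with
    "packets", "bytes", "first" and "last" timestamps; dropped counts the
    lines that could not be parsed.
    """
    flows = {}
    dropped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            dropped += 1
            continue
        ts = rec.get("timestamp")
        entry = flows.setdefault(flow_key(rec),
                                 {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        entry["packets"] += 1
        entry["bytes"] += int(rec["raw.pktlen"])
        if ts is not None:
            entry["last"] = ts
    return flows, dropped


def to_documents(flows):
    """Flatten the aggregate into documents ready for an Elasticsearch bulk index."""
    docs = []
    for (dvc, src, dst, proto, dport), c in sorted(flows.items()):
        docs.append({
            "device": dvc, "src_ip": src, "dest_ip": dst, "protocol": proto,
            "dest_port": dport, "packets": c["packets"], "bytes": c["bytes"],
            "first_seen": c["first"], "last_seen": c["last"],
        })
    return docs


if __name__ == "__main__":
    flows, dropped = aggregate(SAMPLE_LINES)
    for doc in to_documents(flows):
        print(json.dumps(doc))
    print("dropped lines:", dropped)
```

Run over a real ulogd2 JSON file one time window at a time (for example, every minute), the three packets to the same HTTPS server become one document with `packets: 2, bytes: 1560`, and the truncated record is counted in `dropped` rather than silently skewing the totals; the count of dropped lines is worth indexing too, since a rising number usually means the daemon is being overrun and the accounting is no longer complete.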