Merge netflow and SNMP data, see port descriptions in netflow

I use ELK 7.17.

I get data from the Filebeat netflow and snmp plugins.
I don't know how I can combine the information about interfaces.ifAlias and interfaces.index received from the snmp plugin with netflow.egress_interface and netflow.ingress_interface received from the Filebeat netflow module.
I want to see port descriptions in Filebeat netflow. How can I do it?
I want to see which AS numbers' network traffic goes through certain ports.

Please help me.

Just use ElastiFlow where all of this stuff has already been done for you. We use this where I work, and I use it for a home lab. The original ElastiFlow used Logstash, but the new version is a custom developed collector. It is much faster than Logstash or Filebeat, but it also has more netflow-specific features.

You can enrich network interfaces using:

  1. option records (if supported by your devices) where the device sends the mapping of ifIndex to ifName and the ElastiFlow collector uses this to provide the interface name.
  2. SNMP
  3. User-defined where you specify the interface name and any other interface metadata.
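The join the question asks for, sketched as an added example (not code from the thread, from Filebeat or from ElastiFlow): SNMP interface rows are keyed by device and ifIndex, then used to label each flow's ingress and egress interface and to total bytes per port description and destination AS. The flat flow keys (`exporter`, `dst_as`, `bytes`), the SNMP `host` field and all sample values are assumptions made for the example.

```python
from collections import defaultdict

# Constructed SNMP documents. interfaces.index and interfaces.ifAlias are the
# fields named in the question; "host" (the polled device) is an assumed field.
SNMP_DOCS = [
    {"host": "192.0.2.1", "interfaces": {"index": 1, "ifAlias": "uplink-transit-A"}},
    {"host": "192.0.2.1", "interfaces": {"index": 2, "ifAlias": "peering-IX"}},
    {"host": "192.0.2.2", "interfaces": {"index": 1, "ifAlias": "core-to-edge1"}},
]
# Constructed flow records. The keys are simplified, hypothetical stand-ins for
# the netflow event fields (ingress/egress interface, exporter, AS, byte count).
FLOWS = [
    {"exporter": "192.0.2.1", "ingress_interface": 2, "egress_interface": 1, "dst_as": 64496, "bytes": 1200},
    {"exporter": "192.0.2.1", "ingress_interface": 2, "egress_interface": 1, "dst_as": 64496, "bytes": 300},
    {"exporter": "192.0.2.2", "ingress_interface": 3, "egress_interface": 1, "dst_as": 64497, "bytes": 700},
    {"exporter": "192.0.2.1", "ingress_interface": 1, "egress_interface": 9, "dst_as": 64499, "bytes": 50},
]


def build_lookup(snmp_docs):
    """Map (device, ifIndex) -> ifAlias. An ifIndex is only unique per device,
    so the device address must be part of the key."""
    return {(d["host"], int(d["interfaces"]["index"])): d["interfaces"]["ifAlias"]
            for d in snmp_docs}


def enrich(flow, lookup):
    """Return a copy of the flow with ingress/egress descriptions added."""
    out = dict(flow)
    for side in ("ingress", "egress"):
        idx = flow.get(f"{side}_interface")
        # Fall back to the raw index so flows on unpolled interfaces stay visible.
        out[f"{side}_ifalias"] = lookup.get((flow["exporter"], idx), f"ifIndex {idx}")
    return out


def bytes_by_port_and_as(flows, lookup):
    """Sum bytes per (egress interface description, destination AS)."""
    totals = defaultdict(int)
    for f in (enrich(flow, lookup) for flow in flows):
        totals[(f["egress_ifalias"], f["dst_as"])] += f["bytes"]
    return dict(totals)


if __name__ == "__main__":
    lookup = build_lookup(SNMP_DOCS)
    for key, total in sorted(bytes_by_port_and_as(FLOWS, lookup).items()):
        print(key, total)
```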
