Merge data neflow and snmp, see description ports in neflow

dreshme · May 25, 2022, 9:09am

Hello
I use ELK 7.17.

I get data from filebeat netflow and snmp plugin.
I don't know, how i can combine information about interfaces.ifAlias and interfaces.index received from snmp plugin and netflow.egress_interface and netflow.ingress_interface received from netflow module filebeat.
I want see description ports in neflow filebeat. How i can do it?
I want see which AS-numbers network/traffic go through certain ports.

Please help me.

techie.antonio · June 19, 2022, 11:26am

Just use ElastiFlow where all of this stuff has already been done for you. We use this where I work, and I use it for a home lab. The original ElastiFlow used Logstash, but the new version is a custom developed collector. It is much faster than Logstash or Filebeat, but it also has more netflow-specific features.

You can enrich network interfaces using:

option records (if supported by your devices) where the device send the mapping of ifIndex to ifName and the ElastiFlow collector uses this to provide the interface name.
SNMP
User-defined where you specify the interface name and any other interface metadata.

system · July 17, 2022, 11:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash - With Filebeats and Netflow Logstash	6	1098	October 21, 2018
Feature Request Flowbeat! Beats packetbeat	12	5892	November 4, 2022
Filebeat Netflow Input to Logstash Elastiflow Pipeline Beats filebeat	1	453	May 19, 2020
Elasticsearch 7.4 Netflow questions Logstash or filebeat WTF? Elasticsearch	6	1434	November 1, 2019
Filebeat Script for Netflow data enrichment Beats filebeat	2	19	November 1, 2024

Merge data neflow and snmp, see description ports in neflow

Related topics