Netflow fields not showing in Discovery

Filebeat 8.2 is in use. I am unable to see the netflow fields in Discover, but I am seeing them in "Data Views". What is the reason?

We would like to help, but we need more information.

Index Patterns have been renamed to Data Views.

What are you seeing in Discover...

Did you use the netflow module?

Did you run filebeat setup before you started Filebeat to send the netflow data?

Perhaps you can share your configurations and the results?

Yes, the Data View is there for Filebeat.
I am successfully getting the Fortinet firewall logs and I am able to see them in Discover, but not the netflow logs from the same firewall. However, netflow data is being received by the ELK server: tcpdump shows the netflow traffic arriving on the configured port 2055.

Yes, I enabled the netflow module along with the fortinet module.

[root@ELK01 ~]# tcpdump -i eth1 port 2055
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
19:07:47.329745 IP Firewall-Forti.ipt-anri-anri > ELK01.iop: UDP, length 1316
19:07:47.629796 IP Firewall-Forti.ipt-anri-anri > ELK01.iop: UDP, length 1316
19:07:48.329626 IP Firewall-Forti.ipt-anri-anri > ELK01.iop: UDP, length 1316
19:07:49.589555 IP Firewall-Forti.ipt-anri-anri > ELK01.iop: UDP, length 1316
19:07:49.859483 IP Firewall-Forti.ipt-anri-anri > ELK01.iop: UDP, length 1316
19:07:50.719545 IP Firewall-Forti.ipt-anri-anri > ELK01.iop: UDP, length 1316
19:07:51.079526 IP Firewall-Forti.ipt-anri-anri > ELK01.iop: UDP, length 1316
19:07:51.349405 IP Firewall-Forti.ipt-anri-anri > ELK01.iop: UDP, length 596
19:07:51.349461 IP Firewall-Forti.ipt-anri-anri > ELK01.iop: UDP, length 60
19:07:52.059326 IP Firewall-Forti.ipt-anri-anri > ELK01.iop: UDP, length 1316

Thank you Stephan. The netflow data is received over UDP, but I had opened TCP port 2055 on the ELK server. After enabling UDP 2055 on the ELK server, I am seeing the netflow data.

🙂 Thank you again Stephan.
