Victor,

inserting them in ELK is not different from collector to probe mode. The thing is that we transform ASA flows into the template specified by -T and thus you will not see a 1:1 correspondence between collected and stored flows in ELK.

Luca

On 10/07/2015 03:20 PM, Victor Castro wrote:
> Hello,
>
> I'm looking for assistance in what I think is a simple nProbe
> configuration.
>
> I would like to export Cisco ASA NetFlow V9 flows from the ASA,
> through nProbe and into elasticsearch. I've tried a number of
> combinations but I cannot seem to get a working configuration.
>
>
> ASA:
> IP: 10.1.1.1
> Netflow collector: 10.2.2.2:20555
>
> nProbe:
> IP: 10.2.2.2
> Collector mode
> Collector port: 2055
>
> elasticsearch:
> IP: 10.2.2.2:9200
>
>
> I have been able to get interface flows from eth0 on the nProbe box
> into elasticsearch.
> My issue is with nProbe listening on port 2055 and transforming the
> netflow v9 packets for export into elasticsearch.
>
>
> Can someone lend some assistance on how I would configure nprobe in
> collector or proxy mode to read the ASA V9 flows and export them to
> elasticsearch?
>
> Thanks
>
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
