Hello, I am trying to get L7_PROTO_NAME with nprobe. I am using nprobe as below:

nprobe -G -t 60 -d 15 --elastic "flows;nprobe-%Y.%m.%d; http://10.X.X.X:9200/_bulk" -i eth1 -T "%IN_BYTES %IN_PKTS %PROTOCOL %L4_SRC_PORT %IPV4_SRC_ADDR %L4_DST_PORT %IPV4_DST_ADDR %SRC_AS %DST_AS %OUT_BYTES %OUT_PKTS %SRC_VLAN %DST_VLAN %HTTP_URL %HTTP_METHOD %HTTP_HOST %HTTP_SITE %L7_PROTO %L7_PROTO_NAME %APPL_LATENCY_MS"

The problem here is that when I check the flows via Elasticsearch I get two different results for exactly the same request: L7_PROTO_NAME HTTP and L7_PROTO_NAME Unknown. So what may be the problem here?

Regards,
Lutfi
