Srijan,

You can use nProbe to dump to text files (see options -P <path> and -D t). nProbe will generate text files with as many columns as the elements specified in the template option -T. Then use FileBeat to read those text files and do the necessary downstream processing.

Alternatively, you can directly push to ElasticSearch straight from nProbe. In this case you will need the nProbe export plugin and use option --elastic.

Simone

> On 10 Sep 2019, at 19:35, Srijan Nandi <srijan.na...@gmail.com> wrote:
>
> Hello Alfredo,
>
> Let me explain my setup and then you can suggest the best way out.
>
> I have a debian 9 with accolade NIC cards without an IP address. These cards are a tap to the GTP traffic. So they get to see all the GTP-C traffic.
>
> What I want to achieve:
>
> 1. Be able to read the entire GTP-C flow.
> 2. Dump this entire flow to a local disk. I need to read the entire content of the packet. Including IP Address, MSISDN number, LAC etc.
> 3. Use Filebeat to export this to Logstash and dump it to an elasticsearch database.
>
> Now, what I read was I still would require ntopng to read the GTP parse data from nProbe and then log them to a disk and export it to logstash and elasticsearch.
>
> -=Srijan Nandi
>
> On Tue, 10 Sep 2019 at 22:56, Alfredo Cardigliano <cardigli...@ntop.org> wrote:
> Hi
> you should not use the accolade adapter for exporting flow data to ntopng, that’s for capturing raw packets only, you should use the management interface (or other standard interfaces) for that.
>
> Alfredo
>
> > On 10 Sep 2019, at 19:22, Srijan Nandi <srijan.na...@gmail.com> wrote:
> >
> > Hello Everyone,
> >
> > I require some assistance with the following.
> >
> > I have already configured nProbe to listen to accolade NIC card. Now I need help in configuring ntopng so that it reads from nprobe.
> >
> > The problem, my accolade cards do not have an IP address as this entire setup is in Layer 2 mode. So I am not able to figure out how to use zmq in the nprobe config file and utilise the same in the ntopng config file.
> >
> > --
> > -=Srijan Nandi
>
> --
> -=Srijan Nandi
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop