Comments (5)
lucaderi
commented on August 14, 2024
In nProbe you have
[NFv9 57573][IPFIX 35632.101] %SRC_IP_COUNTRY Country where the src IP is located
[NFv9 57574][IPFIX 35632.102] %SRC_IP_CITY City where the src IP is located
[NFv9 57575][IPFIX 35632.103] %DST_IP_COUNTRY Country where the dst IP is located
[NFv9 57576][IPFIX 35632.104] %DST_IP_CITY City where the dst IP is located
that are the equivalent for nProbe
Furthermore in nProbe you need to do something like this we do for ntopng
https://github.com/ntop/ntopng/blob/dev/httpdocs/misc/ntopng_template_elk.json
This said I do not understand what you mean with "is possible to display location on Geo Map but there is no data in ES".
from nprobe.
lzalewsk
commented on August 14, 2024
Longitide and Lattitude are missing in export/
There is no data to map to geo_point so there is no possible to draw data on map.
Country and City are usefull but not enought/
from nprobe.
ValentinaViscarelli
commented on August 14, 2024
I added the export of longitude and latitude.
Now you have:
[NFv9 57920][IPFIX 35632.448] %SRC_IP_LONG Longitude where the src IP is located
[NFv9 57921][IPFIX 35632.449] %SRC_IP_LAT Latitude where the src IP is located
[NFv9 57922][IPFIX 35632.450] %DST_IP_LONG Longitude where the dst IP is located
[NFv9 57923][IPFIX 35632.451] %DST_IP_LAT Latitude where the dst IP is located
Overnight a new release will be built. You will be able to find them in new release.
from nprobe.
lzalewsk
commented on August 14, 2024
HI,
I confirme that location data are now exported but why you decided to split location on two fileds Long &Lat? In ntopng Location are exported like this:
"SRC_IP_COUNTRY": "PL",
"SRC_IP_LOCATION": [
21,
52.25
],
"DST_IP_COUNTRY": "PL",
"DST_IP_LOCATION": [
21,
52.25
]
From ES perspetive it is better format to carry out positioning on the Map using geo_point.
So to maintain consistancy between ntopng and nprobe I think that geo_point format is better.
from nprobe.
simonemainardi
commented on August 14, 2024
@ValentinaViscarelli do you think we should add an index template like in ntopng?
https://github.com/ntop/ntopng/blob/dev/src/Redis.cpp#L1186
https://github.com/ntop/ntopng/blob/aafac73593c49ae3b22fd47c13e9b96b4b45975b/httpdocs/misc/ntopng_template_elk.json
from nprobe.
Related Issues (20)
- [Cento] Add L7_APP_PROTOCOL_NAME L7_SERVICE_NAME HOT 1
- [Cento] Add missing IEs in template definition (available in JSON) HOT 1
- [Cento] Add an option to ignore empty information elements HOT 1
- [Cento] Add option to skip empty fields when exporting using template HOT 1
- [Cento] Add information element to export AS Organization name HOT 1
- [Cento] Unknown Template token "%SRC_VLAN=>src_vlan, skipping HOT 1
- [Cento] %VAR:INT=name:value is not working HOT 1
- [Cento] Allow duplicated (renamed) information elements in template HOT 1
- Ntopng to time series on Influx with only MAC address, no IP address HOT 1
- Trouble generating nProbe Liscence. HOT 2
- Cant activate my nProbe license for ntopng Enterprise L (academic) HOT 1
- [Cento] Add support for --template when exporting through TCP HOT 1
- nProbe IPS: Custom Protocols and Categories not getting blocked (bug?) HOT 3
- Documentation add examples of the sh iptables/nftables scipts HOT 5
- nProbe Kubernetes container fails to load with cloud license HOT 17
- cento does not inspect GTP envelope HOT 4
- Remote nProbe not relay’ing SNI and certificate info on HTTPS/TLS sessions HOT 2
- In nProbe —json-labels seems to be working with the default template, but not with custom ones HOT 3
- nprobe --agent-mode throws rlimit_memlock error even though its unlimited HOT 3
- nflite plugin sample rate - no effect HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nprobe.