On 13/09/2019 12:20, nfsen-discuss-requ...@lists.sourceforge.net wrote:
> * Something other than PHP :-)
I also dislike PHP and deem it as the BASIC of our times.
And nfsen uses perl for its backend - possibly the FORTRAN of our times??
> Another idea: adding to nfdump the ability to dump flows to an ELK
> stack.
Changing nfdump seems orthogonal to fixing nfsen. The key
differentiator of the nfcapd/nfdump/nfsen stack is that it writes to
compact linear disk files - no database, simple setup, low resource
requirements.
What I'd suggest instead is a user hook when nfsend rolls over the
nfcapd files. This could be used to submit the last 5 minutes' worth of
flows to elasticsearch in bulk
<https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-bulk.html>,
or run custom alerting queries, or all sorts of other interesting things.
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
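The rollover hook sketched above, as an added example that is not part of the original message and not nfsen or nfdump project code. It assumes the hook is handed the path of the just-rotated nfcapd file and reads it with `nfdump -r <file> -o csv` (the embedded CSV sample standing in for that output is constructed, with only a subset of nfdump's columns); the index name `nfsen-flows` and the helper names are placeholders. It produces the newline-delimited body the Elasticsearch `_bulk` endpoint expects, one action line plus one document line per flow, so the hook can post one request per 5-minute file instead of one per flow.

```python
"""Turn one rotated nfcapd file's flows into an Elasticsearch _bulk body (NDJSON).

Added illustration for an nfsen rollover hook; not nfsen/nfdump project code.
Assumptions: the hook receives the rotated file path and we read it via
`nfdump -r <file> -o csv`; the constructed SAMPLE_NFDUMP_CSV below stands in
for that output; the index name "nfsen-flows" is a placeholder.
"""
import csv
import io
import json
import subprocess
from typing import Iterable, List

# Constructed sample of nfdump CSV-style output: a header line naming the
# columns, one flow per line, then a trailing summary line that is not a flow.
SAMPLE_NFDUMP_CSV = """\
ts,te,td,sa,da,sp,dp,pr,flg,ipkt,ibyt
2019-09-13 12:15:01.120,2019-09-13 12:15:01.300,0.180,192.0.2.10,198.51.100.7,51234,443,TCP,.AP.SF,12,2048
2019-09-13 12:16:40.000,2019-09-13 12:16:40.000,0.000,192.0.2.11,198.51.100.53,40000,53,UDP,......,1,76
Summary: total flows: 2, total bytes: 2124, total packets: 13, avg bps: 0, avg pps: 0, avg bpp: 0
"""

# Columns we want stored as numbers rather than strings (the rest stay text).
NUMERIC = {"td": float, "sp": int, "dp": int, "ipkt": int, "ibyt": int}


def parse_nfdump_csv(text: str) -> List[dict]:
    """Parse header-driven CSV as nfdump -o csv prints it.

    The header line names the columns, so the parser does not depend on a
    fixed column set; summary/statistics lines have a different field count
    and are skipped instead of being indexed as bogus flows.
    """
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    flows = []
    for row in reader:
        if len(row) != len(header):  # summary line, stats line or blank
            continue
        rec = dict(zip(header, row))
        for key, conv in NUMERIC.items():
            if key in rec:
                rec[key] = conv(rec[key])
        flows.append(rec)
    return flows


def to_bulk_body(flows: Iterable[dict], index: str = "nfsen-flows") -> str:
    """Build the _bulk request body.

    One JSON action line and one JSON document line per flow, newline
    delimited, and terminated by a newline as the bulk API requires.
    """
    lines = []
    for flow in flows:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(flow))
    return "\n".join(lines) + "\n"


def run_nfdump(nfcapd_file: str) -> str:
    """Read a rotated nfcapd file with nfdump (assumed invocation).

    The command is passed as an argument list, never as a shell string, so a
    file name coming from the hook is not interpreted by a shell.
    """
    result = subprocess.run(["nfdump", "-r", nfcapd_file, "-o", "csv"],
                            check=True, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    import sys
    # With a file argument: the real hook path. Without one: the constructed sample.
    text = run_nfdump(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_NFDUMP_CSV
    sys.stdout.write(to_bulk_body(parse_nfdump_csv(text)))
```

Piping the output to `curl -H 'Content-Type: application/x-ndjson' --data-binary @- http://<es-host>:9200/_bulk` (host placeholder) completes the submission; because the hook runs at every rollover, the upload should be done asynchronously or with a timeout so a slow or unreachable Elasticsearch never stalls nfsen's own file rotation.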