Quote: What I'd suggest instead is a user hook when nfsend rolls over the nfcapd files. This could be used to submit the last 5 minutes' worth of flows to elasticsearch in bulk <https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-bulk.html>, or run custom alerting queries, or all sorts of other interesting things.
The backend plugins work like that. Your plugin is called with the last 5 minutes' worth of data pushed to it and you can manage/export it as you wish. The only requirement is to finish processing before the 5 minute mark, otherwise you'll have a positive feedback loop and may kill your server.

On Mon, Sep 16, 2019 at 2:44 PM Brian Candler <b.cand...@pobox.com> wrote:
> On 13/09/2019 12:20, nfsen-discuss-requ...@lists.sourceforge.net wrote:
> > * Something other than PHP :-)
> > I also dislike PHP and deem it as the BASIC of our times.
>
> And nfsen uses perl for its backend - possibly the FORTRAN of our times??
>
> > Another idea: adding to nfdump the ability to dump flows to an ELK stack.
>
> Changing nfdump seems orthogonal to fixing nfsen. The key differentiator of the nfcapd/nfdump/nfsen stack is that it writes to compact linear disk files - no database, simple setup, low resource requirements.
>
> What I'd suggest instead is a user hook when nfsend rolls over the nfcapd files. This could be used to submit the last 5 minutes' worth of flows to elasticsearch in bulk <https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-bulk.html>, or run custom alerting queries, or all sorts of other interesting things.
> _______________________________________________
> Nfsen-discuss mailing list
> Nfsen-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
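As an added example (not code from the thread and not nfsen's own plugin API), here is a rollover hook of the kind Brian describes, written so that it respects the 5-minute budget the reply warns about: a non-blocking lock refuses to start while the previous run is still busy, and batching stops early rather than spilling into the next cycle. It assumes nfdump is on PATH and prints header-first CSV for `-o csv`, an Elasticsearch index named `netflow`, and a lock file path; the `submit` callback is whatever posts one body to `/_bulk`.

```python
import csv
import fcntl
import io
import json
import subprocess
import time

WINDOW_SECONDS = 300      # nfcapd rotates every 5 minutes
SAFETY_MARGIN = 30        # headroom so one run never reaches the next rollover
LOCK_PATH = "/var/run/nfcapd-hook.lock"   # assumed path

def parse_nfdump_csv(text):
    """Parse 'nfdump -o csv' output (assumed: first row is the field header) into
    flow dicts; the trailing summary rows have fewer columns and are dropped."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    return [dict(zip(header, row)) for row in reader if len(row) == len(header)]

def flows_to_bulk(flows, index="netflow"):
    """Build an Elasticsearch _bulk NDJSON body: one action line and one document per flow."""
    lines = []
    for flow in flows:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(flow))
    return "\n".join(lines) + "\n"        # _bulk bodies must end with a newline

def batches_within_budget(flows, started, size, now=time.monotonic):
    """Build bulk bodies of `size` flows until the time budget for this rollover is spent.
    Returns (bodies, finished); finished=False means the run gave up early instead of
    overlapping the next 5-minute cycle (the feedback loop the reply warns about)."""
    budget = WINDOW_SECONDS - SAFETY_MARGIN
    bodies, finished = [], True
    for i in range(0, len(flows), size):
        if now() - started > budget:
            finished = False
            break
        bodies.append(flows_to_bulk(flows[i:i + size]))
    return bodies, finished

def run_hook(nfcapd_path, submit, batch_size=500):
    """Entry point for the rollover hook: export one nfcapd file and submit it in batches."""
    with open(LOCK_PATH, "w") as lock:
        try:
            fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return False                  # previous run still busy: skip, do not pile up
        started = time.monotonic()
        text = subprocess.run(["nfdump", "-r", nfcapd_path, "-o", "csv"],
                              capture_output=True, text=True, check=True).stdout
        bodies, finished = batches_within_budget(parse_nfdump_csv(text), started, batch_size)
        for body in bodies:
            submit(body)
        return finished
```

Log a warning whenever `run_hook` returns False: it means the exporter is falling behind the collector, which is the condition to fix before it compounds.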