Thank you, Simone. On Wed, 11 Sep 2019 at 15:19, Simone Mainardi <[email protected]> wrote:
> Srijan, > > You can use nProbe to dump to text files (see options -P <path> and -D t). > nProbe will generate text files with as many columns as the elements > specified in the template option -T. Then use FileBeat to read those text > files and do the necessary downstream processing. > > Alternatively, you can directly push to ElasticSearch straight from > nProbe. In this case you will need the nProbe export plugin and use > option --elastic. > > Simone > > > > On 10 Sep 2019, at 19:35, Srijan Nandi <[email protected]> wrote: > > Hello Alfredo, > > Let me explain my setup and then you can suggest the best way out. > > I have a debian 9 with accolade NIC cards without an IP address. These > cards are a tap to the GTP traffic. So they get to see all the GTP-C > traffic. > > What I want to achieve: > > 1. Be able to read the entire GTP-C flow. > 2. Dump this entire flow to a local disk. I need to read the entire > content of the packet. Including IP Address, MSISDN number, LAC etc. > 3. Use Filebeat to export this to Logstash and dump it to an elasticsearch > database. > > Now, what I read was I still would require ntopng to read the GTP parse > data from nProbe and then log them to a disk and export it to logstash and > elasticsearch. > > -=Srijan Nandi > > On Tue, 10 Sep 2019 at 22:56, Alfredo Cardigliano <[email protected]> > wrote: > >> Hi >> you should not use the accolade adapter for exporting flow data to >> ntopng, that’s for >> capturing raw packets only, you should use the management interface (or >> other standard interfaces) for that. >> >> Alfredo >> >> > On 10 Sep 2019, at 19:22, Srijan Nandi <[email protected]> wrote: >> > >> > Hello Everyone, >> > >> > I require some assistance with the following. >> > >> > I have already configured nProbe to list to accolade NIC card. Now I >> need help in configuring ntopng so that it reads from nprobe. >> > >> > The problem, my accolade cards do not have an IP address as this entire >> setup is in Layer 2 mode. So I am not able to figure out how to use zmq in >> the nprobe config file and utilise the same in the ntopng config file. >> > >> > -- >> > -=Srijan Nandi >> > _______________________________________________ >> > Ntop mailing list >> > [email protected] >> > http://listgateway.unipi.it/mailman/listinfo/ntop >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop > > > > -- > -=Srijan Nandi > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop -- -=Srijan Nandi
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
