Fantastic Mike, look forward to some writing of your solution.

Paolo

On Sun, Mar 04, 2018 at 02:35:30PM -0600, Mike Hammett wrote:
> I'm nearing completion of what I'm looking for. Once I get the last few kinks 
> ironed out, I'll work on cleaning up my install and hopefully putting 
> together a new blog post\guide on how to do what I did. 
> 
> Netflow data with ASNs (extra work because Mikrotik) is making it into 
> Elasicsearch and Kibana sees the index and the fields in it. I imported a 
> dashboard from somewhere that relied on some different values than I'm 
> currently pushing from pmacct. Hopefully I can get all that stuff to mesh. 
> 
> 
> 
> ----- 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
> 
> Midwest Internet Exchange 
> http://www.midwest-ix.com 
> 
> ----- Original Message -----
> 
> From: "Mike Hammett" <pmacct-discuss...@ics-il.net> 
> To: "Paolo Lucente" <pa...@pmacct.net>, pmacct-discussion@pmacct.net 
> Sent: Saturday, March 3, 2018 4:34:15 PM 
> Subject: Re: [pmacct-discussion] pmacct + ELK made easy? 
> 
> 
> Perhaps I should back up and request a beginners guide to pmacct. Most of 
> what I've read today has largely assumed you already know what you're doing. 
> I haven't found a good from the ground-up setup guide. 
> 
> I generally prefer installing whatever package is in the distro's repository 
> to make upgrades and dependencies easier, but it seems like pmacct has 
> limited plugin packages. Strangely, it seems like Debian is more current than 
> Ubuntu at the moment (1.6.1 vs. 1.5.2). Anyway, I digress. 
> 
> So what do I need to do to get to that point? 
> 
> Download and extract the tar. 
> I'm not sure which plugins I need to enable at compilation as I'm not sure 
> where I'm sending the data. So far I've gone forward with just jansson, which 
> may not even be needed, I don't know. 
> 
> I have it collecting promiscuously on the Ethernet port for now, putting it 
> into memory. 
> 
> I should probably make sure my netflow config works correctly as well. 
> 
> Where am I putting the BGP configuration? Right into the netflow config file 
> as that's the traffic data I intend to ingest? 
> 
> 
> 
> 
> ----- 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
> 
> Midwest Internet Exchange 
> http://www.midwest-ix.com 
> 
> ----- Original Message -----
> 
> From: "Paolo Lucente" <pa...@pmacct.net> 
> To: pmacct-discussion@pmacct.net 
> Sent: Saturday, March 3, 2018 10:13:08 AM 
> Subject: Re: [pmacct-discussion] pmacct + ELK made easy? 
> 
> 
> Anthony is correct. The incarnation of that blog entry about pmacct + 
> ELK is the pmacct-to-elasticsearch project that you can find on GitHub: 
> 
> https://github.com/pierky/pmacct-to-elasticsearch 
> 
> Also here you can find a guide on how to integrate pmacct with InfluxDB 
> (on top of the same blog entry that Anthony already referenced about 
> ELK): 
> 
> https://github.com/pmacct/pmacct/wiki/External-Links 
> 
> Paolo 
> 
> On Sat, Mar 03, 2018 at 03:30:38PM +0000, Anthony Caiafa wrote: 
> > It seems you can probably build one based off these two 
> > 
> > https://blog.pierky.com/integration-of-pmacct-with-elasticsearch-and-kibana/
> >  
> > 
> > https://blogs.cisco.com/security/step-by-step-setup-of-elk-for-netflow-analytics
> >  
> > 
> > 
> > I am sure with a little more is googling you’ll be able to find something 
> > or put a post together. 
> > 
> > On Sat, Mar 3, 2018 at 9:12 AM Jon Nistor <nis...@snickers.org> wrote: 
> > 
> > > That would be really awesome if there were a guide :> 
> > > 
> > > 
> > > From: Mike Hammett <pmacct-discuss...@ics-il.net> 
> > > <pmacct-discuss...@ics-il.net> 
> > > Reply: pmacct-discussion@pmacct.net <pmacct-discussion@pmacct.net> 
> > > <pmacct-discussion@pmacct.net> 
> > > Date: March 3, 2018 at 9:03:00 AM 
> > > To: pmacct-discussion@pmacct.net <pmacct-discussion@pmacct.net> 
> > > <pmacct-discussion@pmacct.net> 
> > > Subject: [pmacct-discussion] pmacct + ELK made easy? 
> > > 
> > > Anyone know of a good A - Z pmacct - ELK stack guide? Debian preferred, 
> > > but not required. 
> > > 
> > > 
> > > 
> > > 
> > > ----- 
> > > Mike Hammett 
> > > Intelligent Computing Solutions 
> > > http://www.ics-il.com 
> > > <https://www.facebook.com/ICSIL> 
> > > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
> > > <https://www.linkedin.com/company/intelligent-computing-solutions> 
> > > <https://twitter.com/ICSIL> 
> > > Midwest Internet Exchange 
> > > http://www.midwest-ix.com 
> > > <https://www.facebook.com/mdwestix> 
> > > <https://www.linkedin.com/company/midwest-internet-exchange> 
> > > <https://twitter.com/mdwestix> 
> > > _______________________________________________ 
> > > pmacct-discussion mailing list 
> > > http://www.pmacct.net/#mailinglists 
> > > 
> > > _______________________________________________ 
> > > pmacct-discussion mailing list 
> > > http://www.pmacct.net/#mailinglists 
> 
> > _______________________________________________ 
> > pmacct-discussion mailing list 
> > http://www.pmacct.net/#mailinglists 
> 
> 
> _______________________________________________ 
> pmacct-discussion mailing list 
> http://www.pmacct.net/#mailinglists 
> 
> _______________________________________________ 
> pmacct-discussion mailing list 
> http://www.pmacct.net/#mailinglists 

> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists


_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to