Re: [pmacct-discussion] Receiving Netflow, enrich with additional informations and send as netflow to collector

, 2018 at 11:09:45AM +, Anthony Caiafa wrote: > > Phase 4 you can easily achieve with Apache nifi. You could also enrich > the > > data and send to another queue with Apache nifi also. > > Thanks for the suggestion, but as i read about nifi, it has no native > netflow module

Re: [pmacct-discussion] Receiving Netflow, enrich with additional informations and send as netflow to collector

Phase 4 you can easily achieve with Apache nifi. You could also enrich the data and send to another queue with Apache nifi also. On Sat, Apr 28, 2018 at 3:55 AM Tim Weippert wrote: > Hi Paolo, > > On Fri, Apr 27, 2018 at 05:02:07PM +, Paolo Lucente wrote: > > > > Hi Tim, >

Re: [pmacct-discussion] ipv4 conversion to int

nt and > dst_host_int for example. In your 'aggregate' line you will also have to > modify src_host and dst_host into src_host_int and dst_host_int. I tried > this working for me. > > Paolo > > On Thu, Apr 19, 2018 at 03:01:24PM -0400, Anthony Caiafa wrote: > > Yep that didnt work

Re: [pmacct-discussion] ipv4 conversion to int

eys instead of creating a new one for src_host_int. >> >> On Thu, Apr 19, 2018 at 10:05 AM, Anthony Caiafa <2600...@gmail.com> wrote: >> > yeah backend is clickhouse and it has a similar function. However >> > conversion for range queries is meh. might as well st

Re: [pmacct-discussion] ipv4 conversion to int

wrote: > >> As far as I know it doesn't but if you use nfacctd, you can easily >> define your own primitives to do the same job: > >> On Thu, Apr 19, 2018 at 12:14 AM Anthony Caiafa <2600...@gmail.com> >> wrote: >> >> > Does this feature currently e

Re: [pmacct-discussion] ipv4 conversion to int

=4 semantics=u_int > name=dst_host_intfield_type=12len=4 semantics=u_int > > Then, you can use those primitives instead of the standard ones in your > config. > > On Thu, Apr 19, 2018 at 12:14 AM Anthony Caiafa <2600...@gmail.com> wrote: > >> Do

[pmacct-discussion] ipv4 conversion to int

Does this feature currently exist? Having the ability to convert the ipv4 key field to an int? ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] pmacct and pnda.io integration

g on > figuring out how to remove logstash from the workflow. > > --Jaime > > > > On Mon, Mar 26, 2018 at 6:27 AM, Anthony Caiafa <2600...@gmail.com> wrote: > >> Just adding 2 cents here. It seems like quite a few steps and going back >> and forth to kafka

Re: [pmacct-discussion] pmacct + ELK made easy?

egrate pmacct with InfluxDB > (on top of the same blog entry that Anthony already referenced about > ELK): > > https://github.com/pmacct/pmacct/wiki/External-Links > > Paolo > > On Sat, Mar 03, 2018 at 03:30:38PM +, Anthony Caiafa wrote: > > It seems you c

Re: [pmacct-discussion] pmacct + ELK made easy?

It seems you can probably build one based off these two https://blog.pierky.com/integration-of-pmacct-with-elasticsearch-and-kibana/ https://blogs.cisco.com/security/step-by-step-setup-of-elk-for-netflow-analytics I am sure with a little more is googling you’ll be able to find something or put

Re: [pmacct-discussion] pmacct performance

Yep so it looks like everytime kafka_history runs no matter what interval you put it on it will crash pmacct and restart the service. On Sat, Nov 18, 2017 at 9:27 AM, Anthony Caiafa <2600...@gmail.com> wrote: > Sounds good. I’ll be sending out some data to you. > > On Sat, Nov 18,

Re: [pmacct-discussion] pmacct performance

://github.com/pmacct/pmacct/blob/master/QUICKSTART#L1994-L2013 > > Any output from gdb and such, you can freely take it off list and > unicast to me directly. We can then summarise things back on list. > > Paolo > > On Fri, Nov 17, 2017 at 10:41:40AM -0500, Anthony Caiafa wrote: >

[pmacct-discussion] pmacct performance

Hi! So my usecase may be slightly larger than most. I am processing 1:1 netflow data for a larger infrastructure. We are receiving about 55million messages a minute which isn’t much but through pmacct it seems to not like it so much. I have pmacct scheduled with nomad running across a few machines