This project contains all the components and documentation necessary to start collecting and visualizing Netflow data using Splunk. The dashboard allows administrators and security professionals to capture network traffic data and analyze flows to determine possible bottlenecks and/or security incidents across the corporate network.

Components used:

- Your Netflow log source (i.e. firewall/network gateway): Cisco Meraki was used during this project.
- Logstash: version 6.3 was used for this project.
- Splunk: version 6.4.3 was used for this project.

Data flow:

1. The Netflow agent (firewall) sends data to Logstash on UDP port 777.
2. Logstash receives the data on UDP port 777 and decodes the Netflow packets.
3. Logstash sends the decoded Netflow packets to Splunk over UDP port 555.
4. Splunk ingests the packets and displays the visualizations, alerts, etc.

Why not use Splunk's built-in Netflow collector instead of Logstash? Splunk has a built-in Netflow collector that can be easily configured using the scripts shipped with the Splunk Add-on for Netflow. More documentation on how to configure the add-on and its binaries to collect Netflow data is available here. Unfortunately, in my testing the add-on doesn't work, or doesn't work well, in a Docker container, and Docker suited my purposes well.
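As an added example (not part of the original post or its project files), the Logstash pipeline that wires up the four-step flow above; the listener address 10.0.0.10 and Splunk host 10.0.0.5 are assumed placeholders.

```conf
# Added example: Logstash pipeline for the Netflow -> Logstash -> Splunk flow.
# Assumed addresses (placeholders): collector 10.0.0.10, Splunk indexer 10.0.0.5.
input {
  udp {
    # Port the firewall/gateway exports Netflow to (UDP 777 in the post)
    port  => 777
    # Bind only the collector's management address; Netflow over UDP is
    # unauthenticated, so also firewall this port to the known exporter(s).
    host  => "10.0.0.10"
    # The netflow codec decodes v5, v9 and IPFIX (v10) by default
    codec => netflow { }
  }
}

filter {
  # Stamp each flow record so Splunk searches can pivot on the collector
  mutate { add_field => { "collector" => "logstash-netflow" } }
}

output {
  udp {
    # Splunk UDP input listening on 555 (step 3 in the flow)
    host  => "10.0.0.5"
    port  => 555
    # One JSON object per datagram, which Splunk can index as JSON
    codec => json_lines
  }
}
```

On the Splunk side, a matching `[udp://555]` stanza in inputs.conf with `sourcetype = netflow` and `connection_host = ip` receives the decoded flows.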