mirror of
https://github.com/ntop/ntopng.git
synced 2026-04-29 15:39:33 +00:00
dbcec19d2b
* Logstash code cleanup * removed unnecesary trace warnings from LS code * sync * Logstash readme updated + code cleanup * changed back to default bulk mechanism * Logstash extension code improvements * PR #1143 revision
56 lines
1.1 KiB
Text
56 lines
1.1 KiB
Text
Introduction
|
|
------------
|
|
|
|
Logstash is a data collection engine that implements a data processing pipeline for ElasticSearch.
|
|
|
|
How To Enable It
|
|
----------------
|
|
In order to enable this feature you need to start ntopng with the -F.
|
|
|
|
Example:
|
|
$ ntopng -F "logstash;localhost;tcp;5510"
|
|
|
|
Syntax:
|
|
logstash;<host>;<protocol>;<port_number>
|
|
|
|
Using It
|
|
--------
|
|
Enabling this option will cause ntopng dump flow information in Logstash so that
|
|
the data can be enriched before it gets indexed in ElasticSearch.
|
|
|
|
Once started, ntopng will push to LS flows that are expired or periodically send
|
|
(every 5 mins) partial flows for long lasting flows.
|
|
|
|
Logstash configuration example :
|
|
|
|
input {
|
|
tcp {
|
|
host => "localhost"
|
|
port => 5510
|
|
codec => json
|
|
type => "ntopng-ls"
|
|
}
|
|
}
|
|
|
|
filter {
|
|
if [type] == "ntopng-ls" {
|
|
if "" not in [IPV4_SRC_ADDR] and "" not in [IPV6_SRC_ADDR] {
|
|
drop {}
|
|
}
|
|
...
|
|
}
|
|
}
|
|
|
|
output {
|
|
if [type] == "ntopng-ls" {
|
|
...
|
|
}
|
|
}
|
|
|
|
|
|
Future Work
|
|
-----------
|
|
In the future we plan:
|
|
|
|
- Extend the input plugin list that can be used in communication between ntopng
|
|
and logstash
|