nifi-users mailing list archives

From Madhukar Thota <madhukar.th...@gmail.com>
Subject Re: Netflow parser
Date Mon, 08 Aug 2016 14:00:38 GMT
Hi Joe,

We have a bunch of Cisco routers that have the NetFlow feature built in. NetFlow
allows us to collect the network traffic from the devices and send
it to a UDP destination for processing. As the data comes in raw, we need
to parse the incoming data, do transformation, and send it to HDFS,
Kafka, Elasticsearch or some other destination for analytics.

Today we are using Logstash as the NetFlow collector and are able to do
transformation and write the data into Elasticsearch for visualization. As we
are moving all the Logstash processing work to NiFi, we want to move the
NetFlow parsing to NiFi too.

https://github.com/logstash-plugins/logstash-codec-netflow
http://blogs.cisco.com/security/step-by-step-setup-of-elk-for-netflow-analytics
https://streamsets.com/documentation/datacollector/latest/help/#Origins/UDP.html#concept_rst_2y5_1s


-Madhu

On Mon, Aug 8, 2016 at 9:42 AM, Joe Witt <joe.witt@gmail.com> wrote:

> Hello
>
> There are no processors included in the apache release that
> specifically operate on netflow so you'd need to have a custom
> processor to deal with it until one is included.
>
> Netflow is often flowing through NiFi typically for things like
> content merging and loading into HDFS.  Parsing is a good use case and
> presumably after that you'd want to make some routing decisions or do
> some sort of enrichment?  Can you describe in more detail what you'd
> like to be able to accomplish in NiFi and what systems it would
> deliver the netflow to?  Also, what type of Netflow is of interest (it
> can be frustratingly proprietary)?
>
> Thanks
> Joe
>
> On Mon, Aug 8, 2016 at 9:27 AM, Madhukar Thota <madhukar.thota@gmail.com>
> wrote:
> > Is there any Processor available for Netflow? If not, what is the best
> > way to get Netflow data parsed using NiFi?
> >
> >
>
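
Added example, not part of the original thread and not code from NiFi or Logstash: a minimal parser for the raw UDP export described in the message above, with the length checks a collector needs before trusting exporter input. The thread does not say which NetFlow version the routers export, so the fixed-format NetFlow v5 layout is assumed; the function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

# NetFlow v5 layout (assumed version; the thread does not name one).
HEADER = struct.Struct("!HHIIIIBBH")                  # 24-byte header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")   # 48-byte flow record
MAX_RECORDS = 30                                      # v5 limit per datagram


def parse_netflow_v5(datagram):
    """Validate one UDP payload and return its flows as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("unsupported NetFlow version %d" % version)
    # Exporter input is untrusted: the count must agree with the real length.
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("record count out of range")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        (src, dst, _hop, _in_if, _out_if, pkts, octets, first, last, sport,
         dport, flags, proto, _tos, _src_as, _dst_as, _smask, _dmask) = \
            RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "src_port": sport, "dst_port": dport,
            "protocol": proto, "tcp_flags": flags,
            "packets": pkts, "bytes": octets,
            # first/last are router uptime in ms and may wrap at 2**32
            "duration_ms": (last - first) & 0xFFFFFFFF,
        })
    return flows


def build_sample():
    """Constructed one-record datagram using documentation addresses."""
    header = HEADER.pack(5, 1, 360000, 1470664838, 0, 1, 0, 0, 0)
    addr = lambda a: ipaddress.IPv4Address(a).packed
    record = RECORD.pack(addr("192.0.2.10"), addr("198.51.100.20"),
                         addr("192.0.2.1"), 1, 2, 12, 4200, 350000, 359000,
                         51514, 443, 0x1B, 6, 0, 0, 0, 24, 24)
    return header + record


if __name__ == "__main__":
    for flow in parse_netflow_v5(build_sample()):
        print(flow)
```

Each returned dict is already in a shape that can be serialized to JSON for Kafka or Elasticsearch; template-based exports such as NetFlow v9 need a different parser.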
