15. 02. 2016 Tobias Goller NetEye

Rapidità nell’analisi NetFlow con Kibana4 in NetEye

Kibana4 dasboards in NetEye

In NetEye utilizziamo NfSen per collezionare, analizzare e visualizzare i dati NetFlow.

Sfortunatamente, però, molti utenti si lamentano per l’eccessiva complessità nell’utilizzo di NfSen, specialmente in termini di lentezza nell’analisi dei dati e per la difficoltà nella generazione di report da inoltrare ai responsabili.

NfSen è in grado di fornire molte possibilità per analizzare dati NetFlow, ma se si ha bisogno di una visualizzazione standard e semplice per i principali scenari di dati sui flussi, è sicuramente meglio utilizzare Kibana4.

Kibana4 è integrata in NetEye 3.6 e grazie all’utilizzo di Logstash e Elasticsearch è possibile raccogliere dati NetFlow per la creazione di dashboard molto più semplici e chiare.

Nelle seguenti immagini potete vedere quattro diversi esempi nella visualizzazione di dati NetFlow con Kibana 4. Ovviamente, potrete filtrare con facilità le informazioni in base a periodi temporali, che possono essere selezionati individualmente dalla GUI.

top 10 source ports - which are creating the most traffic

Le principali 10 porte sorgenti, che hanno generato la maggior parte del traffico.

Top 10 destination ports which are creating the most traffic

Le 10 principali porte destinatarie, che hanno ricevuto maggior traffico.

Top 10 source IP’s - which are creating the most traffic

I 10 principali indirizzi IP sorgenti, che hanno generato il maggior traffico.

Top 10 destination IP’s - which are creating the most traffic

I prinicpali 10 inidirizzi IP destinatari, che hanno ricevuto il maggior traffico.

Tobias Goller

Tobias Goller

NetEye Solution Architect at Würth Phoenix
I started my professional career as a system administrator. Over the years, my area of responsibility changed from administrative work to the architectural planning of systems. During my activities at Würth Phoenix, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye. In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.

Author

Tobias Goller

I started my professional career as a system administrator. Over the years, my area of responsibility changed from administrative work to the architectural planning of systems. During my activities at Würth Phoenix, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye. In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.

Latest posts by Tobias Goller

25. 10. 2024 Log-SIEM
Enhancing Cybersecurity with Elastic Defend: A Technical Consultant’s Perspective
28. 08. 2024 Unified Monitoring
ntopng Updates
08. 07. 2024 Unified Monitoring
Collecting Netflows – ntopng vs. ElastiFlow
06. 05. 2024 Unified Monitoring
QUIC, What’s That?
05. 03. 2024 Unified Monitoring
nBox Mini
See All

Related Content

Tags:

08. 07. 2024 Unified Monitoring

Collecting Netflows – ntopng vs. ElastiFlow

In order to be able to carry out detailed network monitoring, an IT administrator naturally wants to know what is happening in his or her network. To obtain this information, the network flows must of course be analyzed. Many network Read More
10. 05. 2021 Log-SIEM, NetEye

Installing Elastiflow on NetEye SIEM

First of all, I'd like to explain in simple terms what Elastiflow is all about. ElastiFlow is a NetFlow analyzer that works with the Elastic Stack. The Elastiflow Analyzer can collect various network flows, such as netflow or sflow, and Read More
09. 03. 2020 Log-SIEM, NetEye

Store Years of NetFlow Historical Data with Elastic Rollup on NetEye 4.9

Keeping historical data around for analysis is extremely useful but often avoided due to the financial cost of archiving massive amounts of data. Retention periods are thus driven by financial realities rather than by the usefulness of extensive historical data. Read More
17. 10. 2019 ITOA, Log-SIEM, Machine Learning, NetEye

Experiences with Netflow and Machine Learning in Elastic

Some time ago I was able to use the machine learning functionality in Elastic for the first time. I was astonished at how easy it is to use, and how fast it calculates historical data. In my particular case, I Read More
15. 02. 2016 Log-SIEM, NetEye

Easy NetFlow Analysis using Kibana4 on NetEye

On NetEye we are using NfSen for the collection, analysis and view of NetFlow data. Unfortunately, many users complain, that the NfSen tool is not that simple to use, especially in terms of fast data analysis and for the reporting of Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive