ElastiFlow vs mtail

| | ElastiFlow | mtail |
|---|---|---|
| Mentions | 31 | 23 |
| Stars | 2,311 | 3,747 |
| Growth | - | 0.5% |
| Activity | 4.1 | 9.1 |
| Latest commit | over 2 years ago | 5 days ago |
| Language | Shell | Go |
| License | GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ElastiFlow
- NETFLOW .. NTOPNG how to ?
- Searching for How To install Elastiflow
-
Into my 6th year of this ... hobby?
As a matter of fact, I played with the now deprecated Elastiflow; however, I couldn't get my head around managing ELK and scrapped it pretty quickly, and Netflow had not reached the meaningful stage at that time. OpenNMS looks so massive that I can't run it at the moment. Thanks for the suggestion though.
-
Threat detection
One thing I ran for a while was Security Onion, and I utilized port mirroring to mirror the uplink port from my primary switch to my LAN on my router, so I was catching anything coming into/out of my network destined for the internet. I've also used ElastiFlow ( https://github.com/robcowart/elastiflow ), which is absolutely phenomenal and awesome; I did the same and it provides some great data. You could also leverage IntelOwl ( https://github.com/intelowlproject/IntelOwl ). One thing I have added to all my VMs is an OSSEC agent, Wazuh to be specific, which is free ( https://github.com/wazuh/wazuh ), and while I am not using it to its full potential, such as monitoring file deletions/modifications etc., it is a powerful tool.
- Linux Network Traffic Monitor
-
Monitoring all inter-VLAN traffic on 9410 switch?
I'd recommend taking a look at Elastiflow (the link is to the legacy version; I haven't used the paid tiered version that replaced it) as a flow collector. Run it in a Docker container, dump NetFlow to it, and use a sample rate that doesn't fill your collector box with flow packets after a single day. It depends on your traffic rates; we use 1 out of 250 for our rate.
-
Netflow bit rate and Interface Bit Rate
https://github.com/robcowart/elastiflow/issues/201 https://github.com/robcowart/elastiflow/issues/52
- Network Traffic visualization
- ElastiFlow help
-
Installation help, almost there.
Whereas the newer version (https://github.com/robcowart/elastiflow/) is called:
mtail
-
i need to visualize all logs from remote dir
You can do that with something like mtail. Basically write expressions that match your logs and produce metrics.
-
Tool to scrape (semi)-structured log files (e.g. log4j)
mtail is a standard tool for this.
-
Free netflow collector that forwards messages to a syslog server?
I use goflow2 to do something like this. I don't specifically use syslog itself for this, but mtail to generate the metrics.
-
How to easily gather IPv6 VS IPv4 usage on a web server?
I can recommend mtail. Here is a good example nginx script.
-
Nginx upstream_response_time average per API route?
If not, https://github.com/google/mtail might be a good option.
-
Sorting a custom metric by multiple labels
Count the lines with mtail. You can regexp match the values out into labels.
-
Alternatives to ELK (filebeat, logstash, kibana, elasticsearch)
If you want to extract whitebox metrics from logs, maybe all you need is mtail.
-
Prometheus Custom Query/Metric based on STDOUT
You can use mtail (https://github.com/google/mtail) for this. You'll need to figure out how to plug it into your setup, but mtail will do the metrics from logs thing.
-
open-source tools to monitor JSON logs for unexpected patterns?
Convert your logs to metrics with mtail.
-
Server metrics monitoring and reporting for centos?
For nginx, you'll need to set up a log parser like mtail because it doesn't really have much for metrics to begin with.
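The advice in the mtail posts above all comes down to one pattern: a regex with named captures is matched against each log line and the captured fields become metric labels. The Go program below is an added illustration of that pattern, written for this page; it is not code from mtail or from any of the posters, and it is plain Go rather than mtail's own program language so that it runs stand-alone without the mtail binary. It assumes an nginx log_format that appends $upstream_response_time to the usual fields (the sample lines are constructed, not from a real server) and covers three of the questions above in one pass: IPv4 vs IPv6 share, average upstream_response_time per API route, and counting lines by more than one label. It also counts lines that match no rule, which is the simplest way to surface unexpected log patterns, and it collapses numeric path segments so the route label cannot grow without bound.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"sort"
	"strconv"
	"strings"
)

// Constructed sample lines (not from a real server). Assumed log_format:
//   $remote_addr - - [$time_local] "$request" $status $body_bytes_sent $upstream_response_time
// The last line is deliberately malformed to exercise the "unparsed" counter.
const sampleLog = `203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /api/users HTTP/1.1" 200 512 0.120
2001:db8::1 - - [10/Oct/2023:13:55:37 +0000] "GET /api/users HTTP/1.1" 200 498 0.080
203.0.113.9 - - [10/Oct/2023:13:55:38 +0000] "POST /api/orders HTTP/1.1" 500 42 1.300
2001:db8::2 - - [10/Oct/2023:13:55:39 +0000] "GET /api/orders/17 HTTP/1.1" 200 1200 0.250
garbage line that matches nothing
`

// Named captures play the role of mtail's $name variables.
var lineRE = regexp.MustCompile(
	`^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \d+ (?P<upstream>[\d.]+|-)$`)

// Numeric path segments (/orders/17) are collapsed to /orders/:id so the
// route label stays bounded; unbounded label values will exhaust a TSDB.
var idSegment = regexp.MustCompile(`/\d+(/|$)`)

type reqKey struct{ Status, IPVer string }

type Metrics struct {
	Requests      map[reqKey]int     // http_requests_total{status,ipver}
	UpstreamSum   map[string]float64 // upstream_response_seconds_sum{route}
	UpstreamCount map[string]int     // upstream_response_seconds_count{route}
	Unparsed      int                // lines no rule matched
}

func ipVersion(s string) string {
	ip := net.ParseIP(s)
	switch {
	case ip == nil:
		return "unknown"
	case ip.To4() != nil:
		return "4"
	default:
		return "6"
	}
}

func normalizeRoute(path string) string {
	if i := strings.IndexByte(path, '?'); i >= 0 {
		path = path[:i] // drop the query string
	}
	return idSegment.ReplaceAllString(path, "/:id$1")
}

// Parse walks the log text once and accumulates every metric.
func Parse(logText string) *Metrics {
	m := &Metrics{Requests: map[reqKey]int{}, UpstreamSum: map[string]float64{}, UpstreamCount: map[string]int{}}
	for _, line := range strings.Split(logText, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		sub := lineRE.FindStringSubmatch(line)
		if sub == nil {
			m.Unparsed++ // alert on a rising rate here: something new is in the log
			continue
		}
		f := map[string]string{}
		for i, name := range lineRE.SubexpNames() {
			if name != "" {
				f[name] = sub[i]
			}
		}
		m.Requests[reqKey{f["status"], ipVersion(f["ip"])}]++
		route := normalizeRoute(f["path"])
		// "-" means no upstream was involved (static file); skip it rather than count a zero.
		if t, err := strconv.ParseFloat(f["upstream"], 64); err == nil {
			m.UpstreamSum[route] += t
			m.UpstreamCount[route]++
		}
	}
	return m
}

// AvgUpstream is the sum/count division Prometheus would do with rate() on the two series.
func (m *Metrics) AvgUpstream(route string) (float64, bool) {
	n := m.UpstreamCount[route]
	if n == 0 {
		return 0, false
	}
	return m.UpstreamSum[route] / float64(n), true
}

// Render emits the counters in Prometheus exposition format, sorted for stable output.
func (m *Metrics) Render() string {
	var b strings.Builder
	keys := make([]reqKey, 0, len(m.Requests))
	for k := range m.Requests {
		keys = append(keys, k)
	}
	sort.Slice(keys, func(i, j int) bool {
		if keys[i].Status != keys[j].Status {
			return keys[i].Status < keys[j].Status
		}
		return keys[i].IPVer < keys[j].IPVer
	})
	for _, k := range keys {
		fmt.Fprintf(&b, "http_requests_total{status=%q,ipver=%q} %d\n", k.Status, k.IPVer, m.Requests[k])
	}
	routes := make([]string, 0, len(m.UpstreamSum))
	for r := range m.UpstreamSum {
		routes = append(routes, r)
	}
	sort.Strings(routes)
	for _, r := range routes {
		fmt.Fprintf(&b, "upstream_response_seconds_sum{route=%q} %.3f\n", r, m.UpstreamSum[r])
		fmt.Fprintf(&b, "upstream_response_seconds_count{route=%q} %d\n", r, m.UpstreamCount[r])
	}
	fmt.Fprintf(&b, "unparsed_lines_total %d\n", m.Unparsed)
	return b.String()
}

func main() {
	fmt.Print(Parse(sampleLog).Render())
}
```

In mtail itself the same program is shorter: the metrics are declared with `counter http_requests_total by status, ipver` and the match block is roughly `/.../ { http_requests_total[$status][$ipver]++ }`, with mtail keeping the counters and serving them on its own /metrics endpoint. The two points the Go version makes explicit carry over unchanged: keep a counter for lines no pattern matched, and never put a raw request path into a label.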
What are some alternatives?
ntopng - Web-based Traffic and Security Network Traffic Monitoring
loki - Like Prometheus, but for logs.
pfelk - pfSense/OPNsense + Elastic Stack
prometheus-cpp - Prometheus Client Library for Modern C++
LibreNMS - Community-based GPL-licensed network monitoring system
Sloth - Mac app that shows all open files, directories, sockets, pipes and devices in use by all running processes. Nice GUI for lsof.
Netdata - The open-source observability platform everyone needs
sloth - 🦥 Easy and simple Prometheus SLO (service level objectives) generator
scriggo - The world’s most powerful template engine and Go embeddable interpreter
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Grafana - The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.