ntop alerts to slack

Started by deekdeeker, April 23, 2019, 02:04:57 AM

Anyone using the ntop alerts via Slack? Just trying this for the first time and not really sure what is happening. I thought that it would just forward the alerts that are appearing in the "flow alerts" section of ntop, but apparently not; I'm just getting stuff like below that does not in any way match the alerted flows in ntop. No more info than that. Is this just a useless feature?

22/04/2019 20:00:08][Blacklisted Flow] Client, server or domain is blacklisted [Flow: xxx.176.26.66:52077 xxx.xxx.local:40100] [L4 Protocol: TCP]

Even in the logs, I'm trying(!) to figure out what the hades this means.

Well, I can see that these logs are just random probes from mother Russia. But I don't see these anywhere in ntop; these are attacks straight to the FW itself. Very confusing and not very useful info, as the purpose of Slack would be to aggregate the logs that you would normally see from ntop, which do not seem to get logged. :P