Visualize Netflow data in Kibana (used network traffic)

Started by glvmvlcltq, October 26, 2021, 08:42:36 AM

October 26, 2021, 08:42:36 AM Last Edit: October 26, 2021, 08:44:40 AM by glvmvlcltq
Hi,

I would like to create a dashboard on Kibana using the OPNsense Netflow (I tried v5 and v9) logs to visualize the bandwidth used per source IP.

Here is my logstash config.

input {
  # OPNsense netflow logs input
  udp {
    port  => 10522
    codec => netflow
    tags => ["opnsense_netflow_logs"]
  }
}

filter {

}

output {
  if "opnsense_netflow_logs" in [tags] {
    elasticsearch {
      hosts =>  "http://localhost:9200"
      index => "opnsense-netflow-%{+YYYY.MM}"
    }
  }
}

I receive data in Elasticsearch (see attachments), but I don't know how to use it to create a graph.

For my tests I started a "wget --limit-rate=200k xxx". My IP is 172.16.10.106.
Here is the visualization I created in the attachments. As you can see, the graph is wrong and I can't even see the download I'm doing.

Where does the problem come from?
Is the Netflow data correct? If yes, how should I create my visualization in Kibana?

Thanks a lot in advance.

Hey there!

I was just working on this setup. I just wanted to know what configuration you have done on OPNsense to get this setup running?

Thanks. Help much appreciated!