Hi gents,
I'm recently in the "Elasticsearch log analysis" mood.
I've just set up a collector for my Netflow logs coming from about 20 devices across Europe.
Everything seems fine, I have consistent data about flow directions and TCP/UDP byte usage. But regarding other protocols (e.g. ICMP, HOPOPT and so on) I'm getting huge values under bytes (flow export covering 1 hour):
e.g. HOPOPT 1.6 TB of bytes and 5k flows in the last hour? Seems like a bad reading or conversion, right?
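One way to test the "bad reading or conversion" hypothesis before trusting the dashboard is to decode a known record both ways and run the aggregate through a plausibility check. The script below is an added example, not code from the original post or from any collector; it uses the public NetFlow v5 record layout (48 bytes, network byte order), builds a constructed ICMP record rather than a real capture, and assumes a 1 Gbit/s uplink purely as an illustrative parameter. Decoding the counters in the wrong byte order turns 1,500 bytes into about 3.4 GB per flow, and 5,000 such flows in an hour imply a throughput no link of that size can carry, which is exactly the shape of the number reported above.

```python
import struct

# NetFlow v5 flow record: 48 bytes, every multi-byte field in network (big-endian) order.
# Field order follows the v5 export format: srcaddr, dstaddr, nexthop, input, output,
# dPkts, dOctets, First, Last, srcport, dstport, pad1, tcp_flags, prot, tos,
# src_as, dst_as, src_mask, dst_mask, pad2.
V5_FIELDS = "4s4s4sHHIIIIHHBBBBHHBBH"
V5_RECORD_BE = struct.Struct("!" + V5_FIELDS)  # correct: network byte order
V5_RECORD_LE = struct.Struct("<" + V5_FIELDS)  # wrong: little-endian, a common decoding slip

# Positions of the fields we care about in the unpacked tuple.
IDX_DPKTS, IDX_DOCTETS, IDX_PROT = 5, 6, 13

# Bounds used by the sanity check: an IPv4 packet is at least 20 bytes and at most 65535.
MIN_PKT_SIZE, MAX_PKT_SIZE = 20, 65535


def build_v5_record(prot, dpkts, doctets):
    """Construct one v5 record with the given counters (sample data, not a real export)."""
    return V5_RECORD_BE.pack(
        bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), bytes(4),  # srcaddr, dstaddr, nexthop
        1, 2,                    # input / output ifIndex
        dpkts, doctets,          # dPkts, dOctets
        0, 1000,                 # First, Last (sysUptime in ms)
        0, 0,                    # srcport, dstport (none for ICMP)
        0, 0, prot, 0,           # pad1, tcp_flags, prot, tos
        0, 0, 24, 24, 0,         # src_as, dst_as, src_mask, dst_mask, pad2
    )


def decode_counters(record, little_endian=False):
    """Return protocol and counters; little_endian=True reproduces the faulty decode."""
    layout = V5_RECORD_LE if little_endian else V5_RECORD_BE
    fields = layout.unpack(record)
    return {"prot": fields[IDX_PROT], "dPkts": fields[IDX_DPKTS], "dOctets": fields[IDX_DOCTETS]}


def aggregate_window(records, little_endian=False):
    """Sum packets and octets over all records of one export window."""
    total_pkts = total_octets = 0
    for rec in records:
        counters = decode_counters(rec, little_endian)
        total_pkts += counters["dPkts"]
        total_octets += counters["dOctets"]
    return total_pkts, total_octets


def plausibility_findings(total_octets, total_pkts, window_seconds, link_bps):
    """List the reasons an aggregate is implausible; an empty list means it passes."""
    findings = []
    if total_pkts and not MIN_PKT_SIZE <= total_octets / total_pkts <= MAX_PKT_SIZE:
        findings.append("average packet size outside 20..65535 bytes")
    if total_octets * 8 / window_seconds > link_bps:
        findings.append("implied throughput exceeds link capacity")
    return findings


if __name__ == "__main__":
    # Constructed scenario: 5,000 ICMP flows of 10 packets x 1,500 bytes in a one-hour window,
    # exported by a device behind an assumed 1 Gbit/s uplink.
    window = [build_v5_record(1, 10, 1500)] * 5000
    link_bps = 1_000_000_000
    for label, le in (("correct decode", False), ("little-endian decode", True)):
        pkts, octets = aggregate_window(window, little_endian=le)
        print(f"{label}: {octets:,} bytes in {pkts:,} packets ->",
              plausibility_findings(octets, pkts, 3600, link_bps) or "plausible")
```

The per-packet bound alone does not catch a byte-order mix-up, because both counters are inflated by the same factor and their ratio stays sane; the aggregate-versus-link check does. When a single protocol bucket reports more bytes per hour than the exporting interface could physically carry, the fault is in the pipeline, not the network, so the decoder or the Elasticsearch mapping is the place to look first.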