Discussion:
[pmacct-discussion] Capture DNS domain and HTTP destinations from incoming netflow packets
sadan sohan
2018-02-20 05:26:39 UTC
Permalink
Hi,

We have a use case to fetch the DNS domain and the HTTP destination
requested by the incoming packets from the source host. Can somebody help
here ?

Thanks & Regards,
Sadan
Aaron Finney
2018-02-20 07:15:28 UTC
Permalink
That's pretty vague. The info you're asking about is not exported via
netflow, so you'll need some other process (i.e. ETLs, or stream processing
if your pipeline's resources can handle it) to retrieve/match the
additional data to your flow records - e.g. reverse DNS and mining
aggregated HTTP server logs using the fields you're exporting to match
server transactions with flows.
Post by sadan sohan
Hi,
We have a use case to fetch the DNS domain and the HTTP destination
requested by the incoming packets from the source host. Can somebody help
here ?
Thanks & Regards,
Sadan
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
Loading...