Can you seperate TCP_FLAGS to CLIENT_TCP_FLAGS & SERVER_TCP_FLAGS when ntopng dump flows via syslog? #8941
Labels
Ready to Test
a feedback is needed on a proposal or implementation
Comments
MatteoBiscosi
added
the
Ready to Test
|
The request has been implemented in both dev and stable version |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Separating TCP_FLAGS into CLIENT_TCP_FLAGS & SERVER_TCP_FLAGS in ntopng Syslog Exports
When nProbe exports flows, TCP flags are separately reported as CLIENT_TCP_FLAGS and SERVER_TCP_FLAGS. However, it seems that ntopng merges these two fields into a single TCP_FLAGS field when exporting flows via syslog.
Is there a specific reason for merging them into one field?
If not, would it be possible to separate TCP_FLAGS into CLIENT_TCP_FLAGS and SERVER_TCP_FLAGS in ntopng’s syslog flow exports?
<nprobe.conf>
Feb 5 00:00:07 ntop ntopng[866673]: { "IN_SRC_MAC": "00:0C:29:B7:A3:94", "OUT_DST_MAC": "58:86:94:29:2E:D7", "IPV4_SRC_ADDR": "192.168.0.126", "SRC_ADDR_LOCAL": false, "SRC_ADDR_BLACKLISTED": false, "SRC_NAME": "", "IPV4_DST_ADDR": "20.198.119.84", "DST_ADDR_LOCAL": false, "DST_ADDR_BLACKLISTED": false, "DST_NAME": "", "SRC_TOS": 0, "DST_TOS": 0, "L4_SRC_PORT": 54636, "L4_DST_PORT": 443, "PROTOCOL": 6, "L7_PROTO": 91, "L7_PROTO_NAME": "TLS", "L7_PROTO_RISK": 1, **"TCP_FLAGS": 16**, "IN_RETRANSMISSIONS": 0, "OUT_RETRANSMISSIONS": 0, "IN_OUT_OF_ORDER": 0, "OUT_OUT_OF_ORDER": 0, "IN_LOST": 0, "OUT_LOST": 0, "APPL_LATENCY_MS": 0, "IN_PKTS": 1, "IN_BYTES": 41, "OUT_PKTS": 1, "OUT_BYTES": 52, "FIRST_SWITCHED": 1738681086, "LAST_SWITCHED": 1738681086, "CLIENT_NW_LATENCY_MS": 0.0, "SERVER_NW_LATENCY_MS": 0.0, "SRC_IP_COUNTRY": "", "SRC_IP_LOCATION": [ 0.0, 0.0 ], "DST_IP_COUNTRY": "IN", "DST_IP_LOCATION": [ 73.856697082519531, 18.52039909362793 ], "NTOPNG_INSTANCE_NAME": "ntop", "INTERFACE_NAME": "tcp:\/\/*:5556c", "COMMUNITY_ID": "1:W1Dv7XdfwhKnURMnz+ufw71bLQo=", "L7_RISK_SCORE": 0, "EXPORTER_IPV4_ADDRESS": "192.168.0.77" }-T="%IN_SRC_MAC %OUT_DST_MAC %INPUT_SNMP %OUTPUT_SNMP %SRC_VLAN %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR %IPV6_DST_ADDR %SRC_TOS %DST_TOS %IP_PROTOCOL_VERSION %PROTOCOL %L7_PROTO %L7_CONFIDENCE %IN_BYTES %IN_PKTS %OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %CLIENT_TCP_FLAGS %SERVER_TCP_FLAGS %L7_PROTO_RISK"
The text was updated successfully, but these errors were encountered: