This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

ElastiFlow v2.1.0

@robcowart robcowart released this 14 Feb 12:58
· 328 commits to master since this release
  1. Added support for flow proxies, such as nProbe, which populate the exporterIPv4Address or exporterIPv6Address fields with the IP of the device from which the flow originated. This applies to both Netflow v9 and IPFIX flow types.

  2. Added the option to remove fields from the original flow records to save storage space. This is done by setting the environment variable ELASTIFLOW_KEEP_ORIG_DATA to false (default is true). The result of setting this to false is that the netflow, ipfix and sflow objects will be removed prior to sending the data to Elasticsearch. This has no adverse effect on the provided dashboards, as they are populated from the normalized flow object. However, the original flow fields will no longer be available if they are desired for additional analytics.

  3. Updated MaxMind GeoLite2 DBs to those released 6 Feb 2018.