Mikrotik Network Logs + Elastic Stack (Elastic, Kibana, and Filebeat)

Подписаться 105

Просмотров 16 тыс.

50% 1

How to do a basic installation of the Elastic Stack and export network logs from a Mikrotik router.
Installing the Elastic Stack: www.elastic.co/guide/en/elast...
Installing Elasticsearch: www.elastic.co/guide/en/elast...
Installing Kibana: www.elastic.co/guide/en/kiban...
If you found this tutorial helpful, Please share, like, comment, or subscribe!
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
Local Elevator by Kevin MacLeod is licensed under a Creative Commons Attribution 4.0 license. creativecommons.org/licenses/...
Source: incompetech.com/music/royalty-...
Artist: incompetech.com/

Опубликовано:

23 окт 2021

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 15

@efokafui 2 года назад

great and educative video, you saved me a ton of research. God bless you

@eliasantoniadis8556 Год назад

Thank you. Very useful!

@riley10129 Год назад

Many thanks for the excellent video. Great work, keep it up! Sub earnt

@dormoose Год назад

thank you very much, for your tutorial! I have succeeded from X try: current version of kibana/elasticsearch did not work for me. had to install specific versions ( apt install kibana=7.15.2, etc ) thing that bothers me in the these trafficflow logs/reports is that local network addresses are not translated and in the end I have statistics of conversations between my router and final host (say google/youtube) instead of conversations between media server and google/youtube. but maybe my mikrotik is misconfigured somehow, need to dig more.

@Ravis_Computers 11 месяцев назад

Hello Everyone, After upgrading to Router OS version 7 I noticed that the Netflow export was not working and some people on the forums have also experienced the same issue. The setting default is to leave the "source ip" field blank in Traffic Flow Target so it would send logs for all hosts on the network unfiltered. That source ip field is there in case you only wanted to send logs filtered for one IP host on your network. Since the field can't be left blank for the time being, I have found a workaround which is to put the WAN IP address typically assigned to the interface ethr1 in source ip. This config has got netflow export to work again, but the disadvantage is that it only shows traffic travelling through the WAN and no internal traffic.

@pastoralopez9284 Год назад

Thank you. May I ask you how you run the docker image. Do you have to set any volume to preserve the data or to indicate any port? Can you indicate the line to run the ubuntu docker image?

@Ravis_Computers Год назад

Not using docker image. I used an Ubuntu container running in the ProxMox hypervisor. I don’t have any instructions for docker, but the installation method for elk should be the same. Ports are set in the config file for each application as shown in the video. The applications store their data in their /etc folder like /etc/elasticsearch/

@zabbixstudent8041 Год назад

"Module status" to check Filebeat module In Kibana. says "No data has been received from this module yet" Any ideas why filebeat not showing any logs in Kibana?