Can you separate TCP_FLAGS to CLIENT_TCP_FLAGS & SERVER_TCP_FLAGS when ntopng dump flows via syslog? #8941

Open
@ioesoft

Description

Separating TCP_FLAGS into CLIENT_TCP_FLAGS & SERVER_TCP_FLAGS in ntopng Syslog Exports

When nProbe exports flows, TCP flags are separately reported as CLIENT_TCP_FLAGS and SERVER_TCP_FLAGS. However, it seems that ntopng merges these two fields into a single TCP_FLAGS field when exporting flows via syslog.

Is there a specific reason for merging them into one field?
If not, would it be possible to separate TCP_FLAGS into CLIENT_TCP_FLAGS and SERVER_TCP_FLAGS in ntopng’s syslog flow exports?

nprobe.conf:

```
-T="%IN_SRC_MAC %OUT_DST_MAC %INPUT_SNMP %OUTPUT_SNMP %SRC_VLAN %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR %IPV6_DST_ADDR %SRC_TOS %DST_TOS %IP_PROTOCOL_VERSION %PROTOCOL %L7_PROTO %L7_CONFIDENCE %IN_BYTES %IN_PKTS %OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %CLIENT_TCP_FLAGS %SERVER_TCP_FLAGS %L7_PROTO_RISK"
```

Feb 5 00:00:07 ntop ntopng[866673]: { "IN_SRC_MAC": "00:0C:29:B7:A3:94", "OUT_DST_MAC": "58:86:94:29:2E:D7", "IPV4_SRC_ADDR": "192.168.0.126", "SRC_ADDR_LOCAL": false, "SRC_ADDR_BLACKLISTED": false, "SRC_NAME": "", "IPV4_DST_ADDR": "20.198.119.84", "DST_ADDR_LOCAL": false, "DST_ADDR_BLACKLISTED": false, "DST_NAME": "", "SRC_TOS": 0, "DST_TOS": 0, "L4_SRC_PORT": 54636, "L4_DST_PORT": 443, "PROTOCOL": 6, "L7_PROTO": 91, "L7_PROTO_NAME": "TLS", "L7_PROTO_RISK": 1, **"TCP_FLAGS": 16**, "IN_RETRANSMISSIONS": 0, "OUT_RETRANSMISSIONS": 0, "IN_OUT_OF_ORDER": 0, "OUT_OUT_OF_ORDER": 0, "IN_LOST": 0, "OUT_LOST": 0, "APPL_LATENCY_MS": 0, "IN_PKTS": 1, "IN_BYTES": 41, "OUT_PKTS": 1, "OUT_BYTES": 52, "FIRST_SWITCHED": 1738681086, "LAST_SWITCHED": 1738681086, "CLIENT_NW_LATENCY_MS": 0.0, "SERVER_NW_LATENCY_MS": 0.0, "SRC_IP_COUNTRY": "", "SRC_IP_LOCATION": [ 0.0, 0.0 ], "DST_IP_COUNTRY": "IN", "DST_IP_LOCATION": [ 73.856697082519531, 18.52039909362793 ], "NTOPNG_INSTANCE_NAME": "ntop", "INTERFACE_NAME": "tcp:\/\/*:5556c", "COMMUNITY_ID": "1:W1Dv7XdfwhKnURMnz+ufw71bLQo=", "L7_RISK_SCORE": 0, "EXPORTER_IPV4_ADDRESS": "192.168.0.77" }
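Added example (not code from ntopng or nProbe): a small parser for the syslog line format shown above that decodes the TCP flag bitmask, handling both the merged `TCP_FLAGS` field ntopng emits and the per-direction `CLIENT_TCP_FLAGS` / `SERVER_TCP_FLAGS` fields from the nProbe template. The flag-bit values are the standard TCP header bits; the sample line, the regex for the syslog prefix, and the assumption that a merge is a bitwise OR are mine, not taken from the project.

```python
import json
import re

# Standard TCP header flag bits, LSB first (RFC 793 flags plus ECE/CWR).
TCP_FLAG_BITS = [
    (0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
    (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR"),
]

# Assumed syslog prefix shape, taken from the line in the issue:
# "<Mon> <day> <hh:mm:ss> <host> ntopng[<pid>]: {json}"
SYSLOG_RE = re.compile(r"^\S+\s+\d+\s+[\d:]+\s+\S+\s+ntopng\[\d+\]:\s*(\{.*\})\s*$")


def parse_ntopng_syslog(line):
    """Return the JSON flow record embedded in an ntopng syslog line, or None if it does not match."""
    m = SYSLOG_RE.match(line)
    return json.loads(m.group(1)) if m else None


def decode_tcp_flags(value):
    """Turn a TCP flag bitmask (e.g. 16) into flag names in bit order (e.g. ['ACK'])."""
    return [name for bit, name in TCP_FLAG_BITS if value & bit]


def flow_tcp_flags(flow):
    """Decode whatever flag fields the record carries.

    With CLIENT_TCP_FLAGS/SERVER_TCP_FLAGS both directions are known; with only the
    merged TCP_FLAGS the direction of each flag is lost, so only 'merged' is filled.
    """
    out = {"client": None, "server": None, "merged": None}
    if "CLIENT_TCP_FLAGS" in flow or "SERVER_TCP_FLAGS" in flow:
        out["client"] = decode_tcp_flags(flow.get("CLIENT_TCP_FLAGS", 0))
        out["server"] = decode_tcp_flags(flow.get("SERVER_TCP_FLAGS", 0))
    if "TCP_FLAGS" in flow:
        out["merged"] = decode_tcp_flags(flow["TCP_FLAGS"])
    return out


def merge_flags(client_flags, server_flags):
    """Assumed merge (bitwise OR): shows why a single field cannot say which side set a bit."""
    return client_flags | server_flags


# Constructed sample line in the issue's format (addresses are documentation ranges, not real hosts).
SAMPLE_LINE = ('Feb 5 00:00:07 ntop ntopng[866673]: { "IPV4_SRC_ADDR": "192.0.2.10", '
               '"IPV4_DST_ADDR": "198.51.100.20", "L4_SRC_PORT": 54636, "L4_DST_PORT": 443, '
               '"PROTOCOL": 6, "TCP_FLAGS": 16, "IN_PKTS": 1, "OUT_PKTS": 1 }')

if __name__ == "__main__":
    print(flow_tcp_flags(parse_ntopng_syslog(SAMPLE_LINE)))
```

With split fields a client SYN (2) and a server RST+ACK (20) stay distinguishable; merged they both collapse into 22, which is the information loss the issue is about.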
