In part 36 of this series, I let you know that I have NetFlow monitoring at home. But what is it good for, other than the geek factor? By day, I am a Lead Site Reliability Engineer in a global cyber security company. By night, I monitor my home with Zabbix & Grafana and do some weird experiments with them. Welcome to my blog about the project.
NetFlow can be really useful for finding out where your IoT devices are talking to. In an ancient post of this blog series I told you how, according to a ping test, our Samsung Smart TV responds to ping for short periods of time even when we are not using the TV. Now, with NetFlow, we can see what's going on under the hood. I'll let our TV be the star of the show for showing how NetFlow can help you.
NetFlow data visualised with Grafana
Sankey Panel for Grafana can be incredibly cool with all kinds of flow data. Here's an example from last night. Our TV was not on as we were sleeping, yet the NetFlow data still looks like this.
And here is the world map of geographical locations it was connecting to.
The same in ElastiFlow/Kibana
ElastiFlow is basically just a bunch of Logstash rules and preconfigured Kibana dashboards. So, here's a collection of images showing some examples of how this same data can be observed through it.
In a nutshell: if you need to learn about how chatty your (IoT) devices are, NetFlow is an excellent option.
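As an added example (not code from the original post or from ElastiFlow), this Python snippet does the aggregation that the Sankey and Kibana views make visible: for one device, it totals flows and bytes per destination during the hours when nobody should be using it. The record field names, the IP addresses (home and documentation ranges) and the 23:00 to 06:00 quiet window are all constructed assumptions; map them to whatever your collector exports.

```python
from collections import defaultdict
from datetime import datetime, time

# Constructed sample flow records, not real traffic. Field names are hypothetical.
FLOWS = [
    {"ts": "2024-01-10T23:30:00", "src": "192.168.1.50", "dst": "203.0.113.10", "dport": 443, "bytes": 1200},
    {"ts": "2024-01-11T02:14:05", "src": "192.168.1.50", "dst": "203.0.113.10", "dport": 443, "bytes": 5200},
    {"ts": "2024-01-11T02:15:40", "src": "192.168.1.50", "dst": "198.51.100.7", "dport": 443, "bytes": 800},
    {"ts": "2024-01-11T03:01:12", "src": "192.168.1.50", "dst": "192.0.2.53", "dport": 53, "bytes": 120},
    {"ts": "2024-01-11T03:02:00", "src": "192.168.1.20", "dst": "198.51.100.7", "dport": 443, "bytes": 9000},
    {"ts": "2024-01-11T04:45:00", "src": "192.168.1.50", "dst": "198.51.100.7", "dport": 443, "bytes": 700},
    {"ts": "2024-01-11T20:00:00", "src": "192.168.1.50", "dst": "203.0.113.10", "dport": 443, "bytes": 900000},
]

QUIET_START, QUIET_END = time(23, 0), time(6, 0)  # assumed sleeping hours


def in_quiet_window(ts, start=QUIET_START, end=QUIET_END):
    """True if the ISO timestamp falls inside the quiet window."""
    t = datetime.fromisoformat(ts).time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end  # window wraps past midnight


def quiet_hour_talkers(flows, device_ip):
    """Per (dst, dport): flow count and bytes sent by device_ip in the quiet window."""
    totals = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for f in flows:
        if f["src"] != device_ip or not in_quiet_window(f["ts"]):
            continue  # other devices and normal viewing hours are out of scope
        key = (f["dst"], f["dport"])
        totals[key]["flows"] += 1
        totals[key]["bytes"] += f["bytes"]
    rows = [(dst, port, v["flows"], v["bytes"]) for (dst, port), v in totals.items()]
    # Heaviest destinations first, like the widest bands in a Sankey panel
    return sorted(rows, key=lambda r: r[3], reverse=True)


if __name__ == "__main__":
    for dst, port, n, size in quiet_hour_talkers(FLOWS, "192.168.1.50"):
        print(f"{dst}:{port}  flows={n}  bytes={size}")
```
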
Next time I'll be back to Zabbix with something Completely Else.
I have been working at Forcepoint since 2014 and am always eager to find out what my devices are doing.
Comments
Hi, can anyone tell me how to configure NetFlow on Zabbix?
Any Solution
NetFlow Configuration