ThomasPK
just joined
Topic Author
Posts: 1
Joined: Wed Sep 30, 2020 11:54 am

Netflow forwardingStatus

Wed Sep 30, 2020 11:56 am

Hi!

I've just set up elastiflow and started forwarding traffic flow (all interfaces) to that service.

I have a GeoIP block rule (FW Input) that rejects incoming packets outside of my country CIDR (working just fine). I can successfully see the rule working when looking at logs.

Looking at the elastiflow Threats dashboard, I see a bunch of IPs from other countries. Looking at the traffic details, I can't find an easy way to determine that the traffic was indeed rejected.

For some traffic the TCP flags are somewhat indicative of the action (RST, ECE), but there's other traffic where it's difficult to assess what really happened (FIN, ACK, URG).

After a bit of searching online, it seems that IPFIX v9 has a field named forwardingStatus, but it doesn't seem to exist in the available fields within Traffic Flow.

Is this on the roadmap? Is there a better field for me to filter/look for? How do those who have similar solutions look at such (rejected) traffic?

Appreciate your help in advance!
