
Add an INFO information element to export flow info without the need of plugins

Open simonemainardi opened this issue 4 years ago • 1 comments

It would be desirable to have an %NTOPNG_ENTERPRISE_INFO IE containing information which is similar to the Wireshark INFO column or the ntopng INFO column. Such an IE would contain nDPI-provided data:

  • The host name for HTTP flows
  • The DNS query for DNS flows
  • The SNI for TLS flows

etc.

This can be used to populate ntopng fields without the need to enable nProbe plugins and having independent IEs now listed in @NTOPNG@ template.

To clean up, it would be nice to have nDPI generating this column, so that it can be unified with method Flow::getFlowInfo of ntopng.

simonemainardi, Jul 14 '21 19:07

Implemented in %L7_INFO

lucaderi, Jul 16 '21 15:07