
Nmap codec plugin

For other versions, see the Versioned plugin docs.

For plugins not bundled by default, it is easy to install by running bin/logstash-plugin install logstash-codec-nmap. See Working with plugins for more details.

For questions about the plugin, open a topic in the Discuss forums. For bugs or feature requests, open an issue in Github. For the list of Elastic supported plugins, please consult the Elastic Support Matrix.

This codec is used to parse nmap output data which is serialized in XML format. Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. For more information on nmap, see https://nmap.org/.

This codec can only be used for decoding data.

The event types this codec emits are listed below:

  • nmap_scan_metadata: An object containing top-level information about the scan, including how many hosts were up and how many were down. Useful for the case where you need to check whether a DNS-based hostname does not resolve, where both those numbers will be zero.
  • nmap_host: One event is created per host. The full data covering an individual host, including open ports and traceroute information as a nested structure.
  • nmap_port: One event is created per host/port. This duplicates data already in nmap_host; it was put in for the case where you want to model ports as separate documents in Elasticsearch (which Kibana prefers).
  • nmap_traceroute_link: One of these is output per traceroute connection, with a from and a to object describing each hop. Note that traceroute hop data is not always correct, because each tracing ICMP packet may take a different route. Also very useful for Kibana visualizations.

Emit all host data as a nested document (including ports + traceroutes) with the type nmap_fullscan

  • Value type is boolean
  • Default value is true

Emit each port as a separate document with type nmap_port

  • Value type is boolean
  • Default value is true

Emit scan metadata

  • Value type is boolean
  • Default value is true

Emit each hop_tuple of the traceroute with type nmap_traceroute_link

  • Value type is boolean
  • Default value is true
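To make the event model above concrete, here is an added example (written for this page, not the logstash-codec-nmap source) of a small decoder that turns nmap XML output into the four event kinds the page describes, with one boolean per event kind standing in for the four options just listed. The field names, the `emit_*` argument names and the two inline XML samples are my own constructions; the second sample models the unresolvable-hostname case where the scan produces no host elements and the up/down counts are both zero.

```python
# Added example, not the plugin's own code: decode nmap XML into the four
# event kinds (scan metadata, host, port, traceroute link). Field names and
# the emit_* flags are assumptions chosen for this illustration.
import xml.etree.ElementTree as ET

# Constructed sample: one host, three ports, a two-hop traceroute.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS --traceroute example.test" start="1700000000" version="7.94">
  <host starttime="1700000001" endtime="1700000005">
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="example.test" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https"/></port>
      <port protocol="tcp" portid="8080"><state state="closed" reason="reset"/></port>
    </ports>
    <trace proto="tcp" port="443">
      <hop ttl="1" ipaddr="192.0.2.1" rtt="0.50"/>
      <hop ttl="2" ipaddr="192.0.2.10" rtt="1.20" host="example.test"/>
    </trace>
  </host>
  <runstats>
    <finished time="1700000010" elapsed="9.5"/>
    <hosts up="1" down="0" total="1"/>
  </runstats>
</nmaprun>
"""

# Constructed sample for a hostname that did not resolve: no <host> elements,
# and runstats reports zero hosts up and zero hosts down.
SAMPLE_NO_HOSTS_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap does-not-resolve.invalid" start="1700000000" version="7.94">
  <runstats>
    <finished time="1700000002" elapsed="1.1"/>
    <hosts up="0" down="0" total="0"/>
  </runstats>
</nmaprun>
"""


def _hop(hop_el):
    """Flatten one <hop> element into the object used on each side of a link."""
    return {"ttl": int(hop_el.get("ttl")), "ip": hop_el.get("ipaddr"),
            "host": hop_el.get("host"), "rtt": float(hop_el.get("rtt", 0))}


def _host_record(host_el):
    """Nested structure for one <host>: addresses, names, status, ports, trace."""
    addrs = [a.get("addr") for a in host_el.findall("address")]
    names = [h.get("name") for h in host_el.findall("hostnames/hostname")]
    status = host_el.find("status")
    ports = []
    for p in host_el.findall("ports/port"):
        state = p.find("state")
        service = p.find("service")  # absent on the closed port in the sample
        ports.append({
            "port": int(p.get("portid")),
            "protocol": p.get("protocol"),
            "state": state.get("state") if state is not None else None,
            "service": service.get("name") if service is not None else None,
        })
    hops = [_hop(h) for h in host_el.findall("trace/hop")]
    return {"addresses": addrs, "hostnames": names,
            "status": status.get("state") if status is not None else None,
            "ports": ports, "traceroute": hops}


def decode_nmap_xml(xml_text, emit_hosts=True, emit_ports=True,
                    emit_scan_metadata=True, emit_traceroute_links=True):
    """Return a list of event dicts; each carries a "type" naming its event kind."""
    root = ET.fromstring(xml_text)
    events = []

    if emit_scan_metadata:
        stats = root.find("runstats/hosts")
        up = int(stats.get("up", 0)) if stats is not None else 0
        down = int(stats.get("down", 0)) if stats is not None else 0
        events.append({"type": "nmap_scan_metadata", "args": root.get("args"),
                       "hosts_up": up, "hosts_down": down,
                       # both counts zero is the "hostname did not resolve" signal
                       "target_unresolved": up == 0 and down == 0})

    for host_el in root.findall("host"):
        host = _host_record(host_el)
        if emit_hosts:
            events.append({"type": "nmap_host", "host": host})
        if emit_ports:
            # One document per host/port; the host address is repeated on purpose
            # so each port document stands alone in Elasticsearch.
            for port in host["ports"]:
                events.append({"type": "nmap_port",
                               "address": host["addresses"][0] if host["addresses"] else None,
                               **port})
        if emit_traceroute_links:
            # One link per pair of consecutive hops, with from/to objects.
            hops = host["traceroute"]
            for src, dst in zip(hops, hops[1:]):
                events.append({"type": "nmap_traceroute_link", "from": src, "to": dst})
    return events


if __name__ == "__main__":
    for ev in decode_nmap_xml(SAMPLE_XML):
        print(ev["type"], ev)
```

With all four flags left at their default of true, the first sample yields six events: one scan-metadata event, one host event, three port events and one traceroute link. Turning off the port and traceroute flags drops it to two, which is the shape to expect when only the nested host document is wanted.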
