I'm attempting to setup logstash(1.5.2) to accept netflow(ipfix) data from a Barracuda Network Gateway (F280). When i fire up logstash, I get the following warnings over and over.
←[33mIgnoring Netflow version v10 {:level=>:warn}←[0m
my configuration file looks like this
input {
udp {
port => 9995
codec => netflow
}
}
output {
stdout { }
elasticsearch { host => "127.0.0.1" }
}
appreciate any guidance that the community can provide.
The "netflow" codec is for decoding Netflow v5/v9 flows.
See Netflow codec plugin | Logstash Reference [8.11] | Elastic
Is there an IPFIX codec that is available?
Did you ever find a solution for IPFIX?
Yes, the latest versions of the codec can handle (some) ipfix data. You’ll just need to give it a shot for yours. Here’s a simple config.
input {
udp {
port => 9996
codec => netflow {
versions => [10]
target => "ipfix"
}
type => ipfix
}
}
output {
elasticsearch {
index => "logstash-netflow-%{+YYYY.MM.dd}"
hosts => ["192.168.100.24:9200","192.168.100.24:9201"]
}
}
Thank you. This was very helpful and I'm happy to finally get this up and running.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.