Cisco ASA netflow: Ignoring Netflow version v15409

Mario_van_Gemert · December 28, 2017, 1:36pm

Trying to "push" my Cisco ASA logs to Logstash. This results in an "Ignoring Netflow version v15409" error.

.conf:
input {
udp {
port => 9996
type => "netflow"
codec => netflow {
versions => [9]
}
}
}

output {
if [type] == "netflow" {
stdout { codec => rubydebug }
elasticsearch
{
hosts => ["localhost:9200"]
index => "netflow-%{+YYYY.MM.dd}"
}
}
}

Version Logstash is 6.1.0
ASA is using UDP
Do not have a separate template. Is this a possible way to solve this?

Mario_van_Gemert · December 29, 2017, 9:11am

Created filter, in stead of using codec. Problem solved .

system · January 26, 2018, 9:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.