Cisco ASA netflow: Ignoring Netflow version v15409

Elastic Stack Logstash
1

Trying to "push" my Cisco ASA logs to Logstash. This results in an "Ignoring Netflow version v15409" error.

.conf:
input {
udp {
port => 9996
type => "netflow"
codec => netflow {
versions => [9]
}
}
}

output {
if [type] == "netflow" {
stdout { codec => rubydebug }
elasticsearch
{
hosts => ["localhost:9200"]
index => "netflow-%{+YYYY.MM.dd}"
}
}
}

Version Logstash is 6.1.0
ASA is using UDP
Do not have a separate template. Is this a possible way to solve this?

2

Created filter, in stead of using codec. Problem solved :grinning:.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.