Hitting error - Ignoring Netflow version v10

Elastic Stack Logstash
1

Hi I am a Logstash newbie. I am using python-ipfix module to generate IPFIX Packets and send it to LogStash on Localhost over port 10000. However, I am hitting the error - Ignoring Netflow version v10 {:level=>:warn} in Logstash. I have not changed anything in the yaml file for netflow.

Here is my Python Code for generating the IPFIX Packets -

import socket
import sys

# Create a TCP/IP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Connect the socket to the port where the server is listening
server_address = ('localhost', 10000)
print('connecting to %s port %s' % server_address)
sock.connect(server_address)

#Import Requisite Modules
import ipfix.ie
import ipfix.template
import ipfix.message
from ipaddress import ip_address

rec = { "sourceIPv4Address" : ip_address("10.1.2.3"),"destinationIPv4Address" : ip_address("10.5.6.7")}
rec1 = { "sourceIPv4Address" : ip_address("10.1.2.4"),"destinationIPv4Address" : ip_address("10.5.6.6")}
#Information Elements Definition
ipfix.ie.use_iana_default()

#Template Definition
tmpl = ipfix.template.from_ielist(256,ipfix.ie.spec_list(("sourceIPv4Address","destinationIPv4Address")))
print(tmpl)

#Message Definition
msg = ipfix.message.MessageBuffer()
msg.begin_export(8304)
msg.add_template(tmpl)
print(msg)

msg.export_ensure_set(256)
print(msg)

msg.export_namedict(rec)
msg.export_namedict(rec1)
print(msg)

b = msg.to_bytes()
msg.begin_export()
print(msg)
try:

    # Send data
    message = b
    print('sending "%s"' % message)
    sock.sendall(message)
finally:
    print('closing socket')
    sock.close()

My Logstash config file looks like this -
input {
tcp {
host => localhost
port => 10000
codec => netflow {}
type => ipfix
}
}
output {
stdout { codec => rubydebug }
}

Please help me resolve this issue. Many thanks in advance :slight_smile:

2

What version are you on?

3

Mark, I am on logstash 2.2.4.

4

You need to upgrade to 5.X, netflow 10 isn't supported on that version - https://www.elastic.co/guide/en/logstash/2.2/plugins-codecs-netflow.html

1 Like
5

Thanks a lot Mark. I upgraded to 5.2 and it works like a charm. I have pasted the output below for completeness. Thanks a million!
{
"netflow" => {
"destinationIPv4Address" => "10.5.6.7",
"sourceIPv4Address" => "10.1.2.3",
"version" => 10
},
"@timestamp" => 2017-02-06T19:46:38.000Z,
"port" => 37854,
"@version" => "1",
"host" => "127.0.0.1",
"type" => "ipfix"
}
{
"netflow" => {
"destinationIPv4Address" => "10.5.6.6",
"sourceIPv4Address" => "10.1.2.4",
"version" => 10
},
"@timestamp" => 2017-02-06T19:46:38.000Z,
"port" => 37854,
"@version" => "1",
"host" => "127.0.0.1",
"type" => "ipfix"
}

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.