Logstash-codec-netflow does not accept netflow packets coming from a different IP subnet


(bluren) #1

Hello.

logstash-codec-netflow version: 3.6.0
Operating System: Ubuntu 16.04
Config File: All files pertaining to logstash config are located here.

Issue:

If the netflow collector and the machine running logstash are on the same IP subnet, logstash (and effectively the codec) has no problem receiving the netflow data, parsing it and storing it in Elasticsearch. However, the issue arises when the netflow collector is in a different subnet than the machine running logstash (e.g. if the collector is on a 192.x.x.x network while the logstash machine is hosted on a 172.x.x.x network).

What seems to be very suspicious is that when they are on different subnets, logs don't even indicate that they are picking up the netflow packets, let alone rejecting them - the debug logs don't show anything happening.

Note: There is no problem pertaining to network reachability between the two machines, as the netflow packets are indeed being received on the logstash machine when checked with Wireshark.

Workaround:

It all works out if both devices are on the same network (say, e.g. 192.x.x.x).

I've looked through the configuration of logstash and I don't see anything that explicitly restricts or forces such behavior and thus am

I'd appreciate some pointers in the right direction for this issue.

Thanks!
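The post reports datagrams visible in Wireshark but nothing in the codec's debug log. Wireshark captures at the interface, so it cannot tell whether a datagram was actually delivered to a listening UDP socket on the host. The script below is an added diagnostic (not part of this thread and not code from the logstash-codec-netflow project): it binds a plain UDP socket, prints the source address of each datagram it receives and parses the NetFlow v5/v9 export header so you can confirm the exporter's packets reach user space on the collector host. The port 2055 and bind address 0.0.0.0 are assumptions; substitute the values from your own udp input configuration. Stop the Logstash input first, because two plain UDP sockets cannot both bind the same port.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional, List, Tuple

# Big-endian header layouts (RFC 3954 for v9; the v5 layout is the classic Cisco one).
# v5: version(2) count(2) sys_uptime(4) unix_secs(4) unix_nsecs(4) flow_sequence(4)
#     engine_type(1) engine_id(1) sampling_interval(2)            -> 24 bytes
# v9: version(2) count(2) sys_uptime(4) unix_secs(4) package_sequence(4) source_id(4) -> 20 bytes
V5_HEADER = struct.Struct("!HHIIIIBBH")
V9_HEADER = struct.Struct("!HHIIII")


@dataclass
class NetflowHeader:
    version: int
    count: int            # number of flow records (v5) or flowsets (v9) in this datagram
    sys_uptime_ms: int
    unix_secs: int
    sequence: int
    source_id: Optional[int]  # v9 only; None for v5


def parse_header(datagram: bytes) -> Optional[NetflowHeader]:
    """Parse the header of a NetFlow v5 or v9 export datagram.

    Returns None for anything that is not a complete v5/v9 header (too short,
    or an unknown version number), so callers can tell NetFlow traffic apart
    from other UDP noise arriving on the port.
    """
    if len(datagram) < 2:
        return None
    version = struct.unpack_from("!H", datagram)[0]
    if version == 5 and len(datagram) >= V5_HEADER.size:
        v, count, uptime, secs, _nsecs, seq, _etype, _eid, _sampling = V5_HEADER.unpack_from(datagram)
        return NetflowHeader(v, count, uptime, secs, seq, None)
    if version == 9 and len(datagram) >= V9_HEADER.size:
        v, count, uptime, secs, seq, source_id = V9_HEADER.unpack_from(datagram)
        return NetflowHeader(v, count, uptime, secs, seq, source_id)
    return None


def sample_datagrams() -> Tuple[bytes, bytes]:
    """Constructed sample headers (not captured traffic) used to exercise parse_header offline."""
    v5 = V5_HEADER.pack(5, 3, 123456, 1600000000, 0, 42, 0, 0, 0)
    v9 = V9_HEADER.pack(9, 2, 5000, 1600000000, 7, 256)
    return v5, v9


def listen(port: int = 2055, bind_addr: str = "0.0.0.0", max_packets: int = 10) -> List[Tuple[str, Optional[NetflowHeader]]]:
    """Receive up to max_packets UDP datagrams and report who sent them and what they are.

    bind_addr 0.0.0.0 accepts datagrams addressed to any local address; a socket
    bound to one specific address only receives datagrams sent to that address.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    seen = []
    try:
        for _ in range(max_packets):
            data, (src_ip, src_port) = sock.recvfrom(65535)
            hdr = parse_header(data)
            seen.append((src_ip, hdr))
            if hdr is None:
                print(f"{src_ip}:{src_port} -> {len(data)} bytes, not a NetFlow v5/v9 header")
            else:
                print(f"{src_ip}:{src_port} -> NetFlow v{hdr.version}, count {hdr.count}, seq {hdr.sequence}")
    finally:
        sock.close()
    return seen


if __name__ == "__main__":
    listen()
```

If this script prints the exporter's datagrams, the host delivers them to a socket bound on 0.0.0.0 and the difference lies in how the Logstash input is bound or filtered; if it prints nothing while Wireshark still shows the packets, something on the host (a host firewall or a source-based filter, for example) is discarding them before they reach any application socket.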


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.