Logstash error netflow plugin

bendersky · October 13, 2017, 2:41am

Hello Everyone,
Netflow plugin from RPM version 5.6.3-1 give error on incoming connection

Hardware:   ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
Cisco Adaptive Security Appliance Software Version 9.8(1)5

[root@ logstash]# rpm -qa | grep logstash
logstash-5.6.3-1.noarch
[root@ logstash]# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core) 


[2017-10-12T22:16:59,556][INFO ][logstash.pipeline        ] Pipeline main started
[2017-10-12T22:16:59,567][INFO ][logstash.inputs.udp      ] Starting UDP listener {:address=>"0.0.0.0:9995"}
[2017-10-12T22:16:59,608][INFO ][logstash.inputs.udp      ] UDP listener started {:address=>"0.0.0.0:9995", 
:receive_buffer_bytes=>"16777216", :queue_size=>"2000"}
[2017-10-12T22:16:59,780][INFO ][logstash.agent           ] Successfully started Logstash API endpoint 
{:port=>9600}
[2017-10-12T22:17:26,060][ERROR][logstash.inputs.udp      ] Exception in inputworker {"exception"=>#
<BinData::UnRegisteredTypeError: uint64>, "backtrace"=>
["/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-2.4.1/lib/bindata/registry.rb:41:in `lookup'", 
"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-2.4.1/lib/bindata/sanitize.rb:19:in `initialize'", 
"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-2.4.1/lib/bindata/sanitize.rb:49:in `initialize'", 
"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-2.4.1/lib/bindata/sanitize.rb:87:in `add_field'", 
"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-2.4.1/lib/bindata/struct.rb:371:in `sanitize_fields'", 
"org/jruby/RubyArray.java:1613:in `each'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-
2.4.1/lib/bindata/struct.rb:370:in `sanitize_fields'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-
2.4.1/lib/bindata/sanitize.rb:266:in `sanitize_fields'", 
"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-2.4.1/lib/bindata/sanitize.rb:283:in `sanitize'", 
"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-2.4.1/lib/bindata/sanitize.rb:264:in 
`sanitize_fields'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-2.4.1/lib/bindata/struct.rb:369:in 
`sanitize_fields'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-2.4.1/lib/bindata/struct.rb:345:in 
`sanitize_parameters!'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-
2.4.1/lib/bindata/sanitize.rb:302:in `sanitize!'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-
2.4.1/lib/bindata/sanitize.rb:210:in `initialize'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-
2.4.1/lib/bindata/sanitize.rb:192:in `sanitize'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-
2.4.1/lib/bindata/base.rb:302:in `extract_args'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-
2.4.1/lib/bindata/base.rb:249:in `extract_args'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-
2.4.1/lib/bindata/base.rb:81:in `initialize'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-
 2.4.1/lib/bindata/warnings.rb:21:in `initialize_with_warning'", 
 "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-netflow 
 3.5.2/lib/logstash/codecs/netflow.rb:215:in `decode_netflow9'", "org/jruby/RubyKernel.java:1242:in `catch'", " 
 "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-netflow-
3.5.2/lib/logstash/codecs/netflow.rb:179:in `decode_netflow9'", 
"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-2.4.1/lib/bindata/array.rb:208:in `each'", 
"org/jruby/RubyArray.java:1613:in `each'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-
2.4.1/lib/bindata/array.rb:208:in `each'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-
netflow-3.5.2/lib/logstash/codecs/netflow.rb:178:in `decode_netflow9'", 
"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-netflow-
   3.5.2/lib/logstash/codecs/netflow.rb:117:in `decode'", 
   "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-2.4.1/lib/bindata/array.rb:208:in `each'", 
   "org/jruby/RubyArray.java:1613:in `each'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/bindata-
2.4.1/lib/bindata/array.rb:208:in `each'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-
netflow-3.5.2/lib/logstash/codecs/netflow.rb:113:in `decode'", 
"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-udp-
3.1.2/lib/logstash/inputs/udp.rb:118:inbox_tray:  `inputworker'", 
"/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-udp-3.1.2/lib/logstash/inputs/udp.rb:89:in 
`udp_listener'"]}

system · November 10, 2017, 2:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.