Logstash netscaler citrix input

perezdev · November 22, 2022, 4:21pm

Hello,

I'm trying to collect logs from Netscaler Citrix using ipfix protocol, but I'm not able to decode properly the message.

This is my input configuration file:

input {
  udp {
    port => 9913
    codec => netflow {
      versions => [10]
    }
  }
}

I received this warning from logstash: Can't (yet) decode flowset id 257 from observation domain id 0, because no template to decode it with has been received. This message will usually go away after 1 minute.

And I'm not able to see the content of the message from Netscaler.

Does anyone know what could be the issue?

perezdev · November 24, 2022, 11:57am

According to documentation of my logstash version (Netflow codec plugin | Logstash Reference [8.4] | Elastic) seems to be able to decode:

But we are not able to decode based on this error:

Can't (yet) decode flowset id 257 from observation domain id 0, because no template to decode it with has been received. This message will usually go away after 1 minute.

rcowart · December 5, 2022, 1:58pm

Logstash lacks support for most of the Netscaler IEs. You should try a trial license of ElastiFlow, which provides support for all vendor-specific IEs.

system · January 2, 2023, 1:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can not decode Citrix Netscaler IPFIX messages Logstash	8	1391	October 30, 2020
Logstash netflow codec says "no template has been received" but it did receive one Logstash	2	148	March 1, 2024
Can't (yet) decode flowset id 256 from source id 0, because no template to decode it with has been received. This message will usually go away after 1 minute on logstash 7.17 and elasticsearch 7.17 Logstash	1	376	July 5, 2023
Logstash Netflow Codec Plugin - "unsupported enterprise" error with IPFIX template Logstash	1	312	March 28, 2023
Netflow: Unsupported field in template Logstash	2	1729	March 14, 2018

Logstash netscaler citrix input

Related Topics