Hoping someone has configured logstash to receive Cisco telemetry before, I'm able to receive the events but can't decode the telemetry.
I'm getting the folowing error from logstash:
[2022-09-01T09:01:23,341][WARN ][logstash.codecs.protobuf ][main][5b26f792bafc7856fdecc497707a95dcde8f9f5de9e9b7e97681e3ebe3629795] Couldn't decode protobuf: #<RuntimeError: Protocol message contained an invalid tag (zero).>.
Protofile is sourced from Cisco: [bigmuddy-network-telemetry-proto/telemetry.proto at final · CiscoDevNet/bigmuddy-network-telemetry-proto · GitHub)
Specifically I'm using the telemetry.proto file which has been compiled with the google protoc binaries.
Logstash configuration file:
input {
tcp {
port => 5514
type => syslog
codec => protobuf
{
class_name => "telemetry.Telemetry"
class_file => '/bp2/data/telemetry_pb.rb'
protobuf_root_directory => "/bp2/data/"
protobuf_version => 3
}
}
}