Logstash unable to decode Cisco protobuf

Siddarajgj · September 1, 2022, 9:13am

Hoping someone has configured logstash to receive Cisco telemetry before, I'm able to receive the events but can't decode the telemetry.

I'm getting the folowing error from logstash:

[2022-09-01T09:01:23,341][WARN ][logstash.codecs.protobuf ][main][5b26f792bafc7856fdecc497707a95dcde8f9f5de9e9b7e97681e3ebe3629795] Couldn't decode protobuf: #<RuntimeError: Protocol message contained an invalid tag (zero).>.

Protofile is sourced from Cisco: [bigmuddy-network-telemetry-proto/telemetry.proto at final · CiscoDevNet/bigmuddy-network-telemetry-proto · GitHub)
Specifically I'm using the telemetry.proto file which has been compiled with the google protoc binaries.

Logstash configuration file:
input {
tcp {
port => 5514
type => syslog
codec => protobuf
{
class_name => "telemetry.Telemetry"
class_file => '/bp2/data/telemetry_pb.rb'
protobuf_root_directory => "/bp2/data/"
protobuf_version => 3
}
}
}

system · September 29, 2022, 9:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash unable to decode Cisco protobuf Logstash	4	1133	October 9, 2020
Couldn't decode protobuf: #<RuntimeError: Protocol message tag had invalid wire type.> Logstash	2	2306	June 15, 2018
Couldn't decode protobuf: #<RuntimeError: Protocol message tag had invalid wire type Logstash	1	1679	June 21, 2018
Couldn't decode protobuf Logstash	1	717	September 29, 2018
Unbale to decode Message using protobuf logstahs plusgin which is encoded using python or ruby? Logstash	1	1005	June 15, 2018

Logstash unable to decode Cisco protobuf

Related topics