OK, I can replay your pcap to my Logstash instance.
One sample of what I get:
{
    "netflow" => {
        "destinationIPv4Address" => "10.99.252.50",
        "octetTotalCount" => 65,
        "destinationTransportPort" => 53,
        "flowStartSysUpTime" => 2395375053,
        "sourceIPv4Address" => "10.99.130.239",
        "flowEndSysUpTime" => 2395395322,
        "flowDurationMilliseconds" => 20269,
        "ingressInterface" => 48660,
        "version" => 10,
        "packetDeltaCount" => 0,
        "firewallEvent" => 2,
        "protocolIdentifier" => 17,
        "sourceMacAddress" => "00:00:00:00:00:00",
        "egressInterface" => 26092,
        "octetDeltaCount" => 0,
        "sourceTransportPort" => 65105,
        "packetTotalCount" => 1
    },
    "@timestamp" => 2017-06-29T13:58:28.000Z,
    "@version" => "1",
    "host" => "172.16.32.201",
    "tags" => []
}
I'm not sure what the issue is. These Docker containers are given an IP on a private network on the host side, right? So the Barracuda firewall cannot reach the container unless there is some port forwarding set up on the host?