Netflow Logstash V9 not working not getting any logs

jorritfolmer · June 29, 2017, 3:43pm

Ok I can replay your pcap to my Logstash instance.
One sample of what I get:

{
       "netflow" => {
          "destinationIPv4Address" => "10.99.252.50",
                 "octetTotalCount" => 65,
        "destinationTransportPort" => 53,
              "flowStartSysUpTime" => 2395375053,
               "sourceIPv4Address" => "10.99.130.239",
                "flowEndSysUpTime" => 2395395322,
        "flowDurationMilliseconds" => 20269,
                "ingressInterface" => 48660,
                         "version" => 10,
                "packetDeltaCount" => 0,
                   "firewallEvent" => 2,
              "protocolIdentifier" => 17,
                "sourceMacAddress" => "00:00:00:00:00:00",
                 "egressInterface" => 26092,
                 "octetDeltaCount" => 0,
             "sourceTransportPort" => 65105,
                "packetTotalCount" => 1
    },
    "@timestamp" => 2017-06-29T13:58:28.000Z,
      "@version" => "1",
          "host" => "172.16.32.201",
          "tags" => []
}

I'm not sure what the issue is. These docker containers are given an IP on a private network on the host side right? So the Barracuda firewall cannot reach the container unless there is some port forwarding setup on the host?

Topic		Replies	Views
UDP netflow packets arrive, netflow does not process them Logstash	6	1577	April 3, 2019
Netflow v9 not being recieved over UDP Logstash	6	1522	November 1, 2017
Docker Container Logstash not getting any logs Logstash	3	1932	August 7, 2017
[SOLVED] Stuck on getting netflow data into logstash Logstash	4	2180	July 6, 2017
Input UDP/ netflow no listenning Logstash	2	769	April 19, 2017

Netflow Logstash V9 not working not getting any logs

Related topics