Netflow support for Brocade Vyatta routers


(Amir Gohar) #1

Can the Logstash plugin for netflow support Vyatta routers as well?
I am able to see my Cisco devices' data on the ELK stack but not able to see the Vyatta routers' related data. I am aware of the supported exporters list that the netflow plugin supports.

Currently Vyatta isn't supported. How hard is it to add support for Vyatta devices, or what steps should be taken in order to support it?


(Robert Cowart) #2

There were issues with older versions of the netflow codec, due to the MPLS Label Stack Octet related fields that are part of the Flow record sent by Vyatta (and VyOS) routers. It has worked fine since around November of last year. I use it with two VyOS routers as well as a Ubiquiti EdgeRouter (also a Vyatta community fork). What version of Logstash, or rather the netflow codec, are you using?

Rob


(Amir Gohar) #3

Here are the logs I am seeing: http://dpaste.com/1YCGDTM
Using this image: https://hub.docker.com/r/sebp/elk/

$ docker images
sebp/elk latest ffd5c3b7cb7d 7 days ago 970.7 MB

Latest is ELK 5.3.0.

Here are the configs I used to enable netflow on my gateway:

set system flow-accounting netflow sampling-rate '250'
set system flow-accounting netflow server {host_ip} port {netflow_port}
set system flow-accounting netflow timeout expiry-interval '60'
set system flow-accounting netflow timeout flow-generic '10'
set system flow-accounting netflow timeout icmp '10'
set system flow-accounting netflow timeout max-active-life '10'
set system flow-accounting netflow timeout tcp-fin '10'
set system flow-accounting netflow timeout tcp-generic '10'
set system flow-accounting netflow timeout tcp-rst '10'
set system flow-accounting netflow timeout udp '10'
set system flow-accounting netflow version '9'
set system flow-accounting syslog-facility 'daemon'

I am also able to see the data as well using:
tcpdump port 9995
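
An added example, not part of the thread and not the netflow codec's own code: a minimal NetFlow v9 template reader that lists the fields an exporter announces and picks out the MPLS label stack fields (RFC 3954 types 70-79) that the reply above names as the cause of decoding problems. It takes the UDP payload of one export packet as bytes; the function names and the sample packet (template 1024) are constructed for illustration.

```python
import struct

# RFC 3954 field types 70-79 are MPLS_LABEL_1 .. MPLS_LABEL_10 (3 bytes each).
MPLS_LABEL_TYPES = range(70, 80)

def parse_v9_templates(packet: bytes) -> dict:
    """Map template_id -> [(field_type, field_length), ...] for one export packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version = struct.unpack_from("!H", packet, 0)[0]
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field is {version})")
    templates, offset = {}, 20
    while offset + 4 <= len(packet):
        flowset_id, flowset_len = struct.unpack_from("!HH", packet, offset)
        if flowset_len < 4 or offset + flowset_len > len(packet):
            raise ValueError("FlowSet length runs past the packet")
        if flowset_id == 0:  # FlowSet ID 0 carries template records
            pos, end = offset + 4, offset + flowset_len
            while pos + 4 <= end:
                template_id, field_count = struct.unpack_from("!HH", packet, pos)
                pos += 4
                if pos + 4 * field_count > end:
                    raise ValueError("template record overruns its FlowSet")
                templates[template_id] = [
                    struct.unpack_from("!HH", packet, pos + 4 * i)
                    for i in range(field_count)
                ]
                pos += 4 * field_count
        offset += flowset_len
    return templates

def mpls_label_fields(templates: dict) -> dict:
    """Per template, the MPLS label stack field types it announces."""
    return {tid: [t for t, _ in fields if t in MPLS_LABEL_TYPES]
            for tid, fields in templates.items()}

# Constructed sample: header + one template FlowSet (template 1024, 6 fields).
SAMPLE = (
    struct.pack("!HHIIII", 9, 1, 1000, 1491000000, 1, 0)
    + struct.pack("!HH", 0, 32)
    + struct.pack("!HH", 1024, 6)
    + struct.pack("!12H", 8, 4, 12, 4, 2, 4, 1, 4, 70, 3, 71, 3)
)

if __name__ == "__main__":
    for tid, fields in parse_v9_templates(SAMPLE).items():
        print(tid, fields, "MPLS:", mpls_label_fields({tid: fields})[tid])
```

Data FlowSets (IDs of 256 and above) are skipped, so a packet without a template FlowSet yields an empty result; templates are resent periodically by the exporter.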

