Netflow Template length doesn't fit cleanly into flowset

lumi · September 25, 2017, 12:12pm

Hello

I have got a fortigate. It should send Netflow Data to my elk stack.
But i alway get this message:

[2017-09-25T14:02:53,313][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>258, :template_length=>57, :record_length=>64}
[2017-09-25T14:02:53,317][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>258, :template_length=>57, :record_length=>64}
[2017-09-25T14:02:53,321][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>258, :template_length=>57, :record_length=>64}
[2017-09-25T14:02:53,329][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>258, :template_length=>57, :record_length=>64}
[2017-09-25T14:02:53,325][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:53,347][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:53,353][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:53,370][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:53,385][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:53,390][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:53,542][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:53,871][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:53,877][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:53,969][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:53,972][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:53,996][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:54,051][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:54,058][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:54,097][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}
[2017-09-25T14:02:54,111][WARN ][logstash.codecs.netflow  ] Template length doesn't fit cleanly into flowset {:template_id=>262, :template_length=>69, :record_length=>76}

Can anybody help me?
Is it possible to change the Template ?

Kind regards
Lumi

warkolm · September 26, 2017, 5:00am

Please show your config and what version of the stack you are using.

lumi · September 26, 2017, 7:11am

Thats the netflow part of my config in /etc/logstash/conf.d

input {
 udp {
                port => XXX
                type => netflow
                codec => netflow
                }

}


output {

        if ( [type] == "netflow" ) {
         elasticsearch {
                hosts => [ "XXX:9200" ]
                index => "netflow-%{+YYYY.MM.dd}"
                user => XX
                password => XX
  }
 }
}

I am using the elk version 5.6.1
The logstash-output-elasticsearch plugin is 7.4.1

Sjaak01 · September 27, 2017, 2:41am

NVM, not the same error.

lumi · September 27, 2017, 5:59am

Do you think there is no solution available ?

system · October 25, 2017, 5:59am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.