Hello,
I have the following Netflow config:
input {
  udp {
    host => "0.0.0.0"
    port => 5599
    codec => netflow {
      definitions => "/home/t/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-codec-netflow-2.0.3/lib/logstash/codecs/netflow/netflow.yaml"
      versions => [5,9,10]
    }
  }
}
I have a Cisco ASR1002 router sending the messages with the following configuration:
flow record NETFLOW_RECORD
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect routing next-hop address ipv4
 collect ipv4 dscp
 collect ipv4 ttl minimum
 collect ipv4 ttl maximum
 collect transport tcp flags
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect application name
Getting this message:
{:timestamp=>"2016-05-04T22:05:32.909000+0000", :message=>"No matching template for flow id 257", :level=>:warn}
{:timestamp=>"2016-05-04T22:05:32.915000+0000", :message=>"No matching template for flow id 257", :level=>:warn}
Some of the topics recommend updating netflow.yaml, but none of them mention anything about this 257 id. If someone has something specific, I would really appreciate it.
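
For context on the id in that warning: in NetFlow v9 (RFC 3954), ids of 256 and above are template ids chosen by the exporter, and a data flowset can only be decoded once the matching template flowset has been received from the same exporter and source id. The sketch below is an added example, not part of the original post and not the logstash-codec-netflow code; the class name `V9TemplateTracker`, the exporter address passed in, and the sample packets are constructed for illustration.

```ruby
# Added example: walk NetFlow v9 flowsets (RFC 3954 layout) and track templates per exporter.
class V9TemplateTracker
  attr_reader :templates
  def initialize
    @templates = {} # [exporter, source_id, template_id] => [[field_type, length], ...]
  end

  # Returns one event per flowset: [:template, id], [:data, id] or [:no_template, id].
  def process(exporter, packet)
    version, _count, _uptime, _secs, _seq, source_id = packet.unpack('nnNNNN')
    raise ArgumentError, "not NetFlow v9: #{version.inspect}" unless version == 9
    events = []
    offset = 20 # fixed v9 header length
    while offset + 4 <= packet.bytesize
      flowset_id, length = packet.byteslice(offset, 4).unpack('nn')
      break if length < 4 || offset + length > packet.bytesize # malformed or truncated
      body = packet.byteslice(offset + 4, length - 4)
      if flowset_id.zero? # template flowset: defines ids >= 256
        events.concat(learn(exporter, source_id, body))
      elsif flowset_id > 255 # data flowset: its id names the template it needs
        known = @templates.key?([exporter, source_id, flowset_id])
        events << [known ? :data : :no_template, flowset_id]
      end
      offset += length
    end
    events
  end

  private

  def learn(exporter, source_id, body)
    events = []
    pos = 0
    while pos + 4 <= body.bytesize
      template_id, field_count = body.byteslice(pos, 4).unpack('nn')
      size = 4 + field_count * 4
      break if template_id < 256 || pos + size > body.bytesize # padding or truncated
      @templates[[exporter, source_id, template_id]] =
        body.byteslice(pos + 4, size - 4).unpack('n*').each_slice(2).to_a
      events << [:template, template_id]
      pos += size
    end
    events
  end
end

# Constructed sample packets (not captured traffic).
HDR = [9, 1, 1000, 1_462_399_532, 1, 0].pack('nnNNNN')
TEMPLATE_PKT = HDR + [0, 16, 257, 2, 8, 4, 12, 4].pack('n*') # template 257: IPv4 src/dst
DATA_PKT = HDR + [257, 12].pack('nn') + [10, 0, 0, 1, 10, 0, 0, 2].pack('C*')
```

Feeding `DATA_PKT` before `TEMPLATE_PKT` yields `[:no_template, 257]`; after the template packet has been processed, the same data packet yields `[:data, 257]`.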