Hi. I'm using ipt-netflow (https://github.com/aabc/ipt-netflow) to send netflow data to logstash.
I am getting this.
{:timestamp=>"2016-06-30T17:26:06.068000+0000", :message=>"Pipeline main started"}
{:timestamp=>"2016-06-30T17:26:13.768000+0000", :message=>"Unsupported Netflow version v10", :level=>:warn}
{:timestamp=>"2016-06-30T17:26:14.959000+0000", :message=>"Unsupported Netflow version v10", :level=>:warn}
{:timestamp=>"2016-06-30T17:26:14.960000+0000", :message=>"Unsupported Netflow version v10", :level=>:warn}
{:timestamp=>"2016-06-30T17:26:14.961000+0000", :message=>"Unsupported Netflow version v10", :level=>:warn}
{:timestamp=>"2016-06-30T17:26:14.962000+0000", :message=>"Unsupported Netflow version v10", :level=>:warn}
It was accepting v5 without a problem, but I really need v10 to work.
I'm using the docker with the logstash:latest container.
logstash-codec-netflow is installed.
Here is my logstash config.
input {
  udp {
    port => 5656
    codec => netflow {
      versions => [10]
      target => ipfix
    }
    type => ipfix
  }
}
filter {
  json {
    source => "message"
  }
}
output {
  elasticsearch {
    hosts => "elasticsearch:9200"
    index => "netflow-%{+YYYY.MM.dd}"
  }
}
Here is my ipt-netflow config
sysctl net.netflow
net.netflow.active_timeout = 1800
net.netflow.debug = 0
net.netflow.destination = 45.56.96.253:5656
net.netflow.flush = 0
net.netflow.hashsize = 127232
net.netflow.inactive_timeout = 15
net.netflow.maxflows = 2000000
net.netflow.protocol = 10
net.netflow.refresh-rate = 20
net.netflow.scan-min = 1
net.netflow.sndbuf = 212992
net.netflow.timeout-rate = 30
Happy to include anything else needed. Not sure where else to start.
Any help is appreciated.
Thanks.
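
Added example, not part of the original post and not code from logstash-codec-netflow: the version in the warning is the first 16-bit field of each export datagram, and version 10 is IPFIX (RFC 7011), the format ipt-netflow emits with protocol = 10. This Ruby function reads that header and, for IPFIX, walks the sets and checks their lengths, so a captured datagram can be confirmed as well-formed IPFIX independently of the collector; the function names and the sample datagram are constructed for illustration.

```ruby
IPFIX_HEADER_LEN = 16 # version, length, export time, sequence, observation domain

# Describe one flow-export datagram; raises ArgumentError if it is malformed.
def inspect_flow_datagram(data)
  data = data.b
  raise ArgumentError, 'datagram shorter than 4 bytes' if data.bytesize < 4
  version, second = data.unpack('nn')
  # In NetFlow v5/v9 the second field is a record count, not a byte length.
  return { version: version, count: second } unless version == 10

  length = second
  raise ArgumentError, 'truncated IPFIX header' if data.bytesize < IPFIX_HEADER_LEN
  raise ArgumentError, 'length field does not match datagram size' if length != data.bytesize
  export_time, sequence, domain_id = data.unpack('x4NNN')
  sets = []
  offset = IPFIX_HEADER_LEN
  while offset < length
    raise ArgumentError, 'truncated set header' if offset + 4 > length
    set_id, set_len = data.byteslice(offset, 4).unpack('nn')
    raise ArgumentError, 'bad set length' if set_len < 4 || offset + set_len > length
    kind = case set_id
           when 2 then :template
           when 3 then :options_template
           when 256..65_535 then :data
           else :reserved
           end
    sets << { id: set_id, length: set_len, kind: kind }
    offset += set_len
  end
  { version: 10, length: length, export_time: export_time,
    sequence: sequence, domain_id: domain_id, sets: sets }
end

# Constructed sample: one template set (template 256 with two 4-byte fields,
# IEs 8 and 12) followed by one data set carrying a single record.
def sample_ipfix_datagram
  template = [2, 16, 256, 2, 8, 4, 12, 4].pack('n*')
  record   = [256, 12].pack('nn') + [10, 0, 0, 1, 10, 0, 0, 2].pack('C*')
  body     = template + record
  [10, IPFIX_HEADER_LEN + body.bytesize, 1_467_307_573, 0, 1].pack('nnNNN') + body
end

p inspect_flow_datagram(sample_ipfix_datagram) if __FILE__ == $PROGRAM_NAME
```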