Using Softflowd to send IPFIX data to logstash


(red der) #1

Looking at the docs it says I can use Softflowd to send IPFIX traffic to logstash: https://www.elastic.co/guide/en/logstash/current/plugins-codecs-netflow.html#_description_154

I can't find any examples, though, of how to do this. Is there any documentation for using Softflowd to send IPFIX data to logstash?


(Guy Boertje) #2

@jorritfolmer - Please would you be so kind as to give us some pointers here?


(Jorrit Folmer CISSP) #3

Sure, first you should make sure a compiler, libpcap headers, autoconf and autoheader utils are installed. On RHEL or CentOS Linux distributions this is done through:

yum install autoconf gcc libpcap-devel

Then:

git clone https://github.com/djmdjm/softflowd.git
cd softflowd
autoconf
autoheader
./configure
make
./softflowd -v 10 -P udp -n yourlogstashinstance:4739
