netflowedit

Note

This is a community-maintained plugin!

The "netflow" codec is for decoding Netflow v5/v9 flows.

 

Synopsisedit

This plugin supports the following configuration options:

Required configuration options:

netflow {
  }

Available configuration options:

Setting Input typeRequiredDefault value

cache_ttl

number

No

4000

definitions

a valid filesystem path

No

target

string

No

"netflow"

versions

array

No

[5, 9]

Detailsedit

 

cache_ttledit

  • Value type is number
  • Default value is 4000

Netflow v9 template cache TTL (minutes)

definitionsedit

  • Value type is path
  • There is no default value for this setting.

Override YAML file containing Netflow field definitions

Each Netflow field is defined like so:

---
id:
- default length in bytes
- :name
id:
- :uintN or :ip4_addr or :ip6_addr or :mac_addr or :string
- :name
id:
- :skip

See https://github.com/logstash-plugins/logstash-codec-netflow/blob/master/lib/logstash/codecs/netflow/netflow.yaml for the base set.

targetedit

  • Value type is string
  • Default value is "netflow"

Specify into what field you want the Netflow data.

versionsedit

  • Value type is array
  • Default value is [5, 9]

Specify which Netflow versions you will accept.