On 09/19/2013 08:56 AM, Tom Taylor wrote: > On 19/09/2013 8:07 AM, Juergen Schoenwaelder wrote: >> On Thu, Sep 19, 2013 at 07:00:52AM -0400, Tom Taylor wrote: >>> In Behave, we are dealing with a potential logging architecture >>> where Device A generates the content but exports it in the form of >>> IPFIX records. Device B reformats the content into SYSLOG event >>> reports. >>> > ... >> >> I would have to dig deeper into IPFIX to understand whether you can >> always find out the hostname of the originator (since there might be >> mediators involved as well) or whether there is another reliable way >> to identify an IPFIX exporter. >> >> /js >> > [PTT] Good point about IPFIX. RFC 5102 defines exporter IP address > fields, but not exporter name. I think the not yet assigned "originalExporterIPv4Address" in draft-ietf-ipfix-mediation-protocol may be closer to what you are looking for. Although that draft also has no originalExporterName defined. Perhaps some name equivalents should be requested.
FWIW very recently 7012 obsoleted 5102 and "The IANA "IPFIX Information Elements" registry [IANA-IPFIX] is the current complete reference for IPFIX Information Elements." Still no exporterName element though. :-) As to the original question I think it is much more useful if HOSTNAME is Device A (the original source of the log) -Andrew _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
