On 19/09/2013 15:37, Andrew Feren wrote:
On 09/19/2013 08:56 AM, Tom Taylor wrote:
On 19/09/2013 8:07 AM, Juergen Schoenwaelder wrote:
On Thu, Sep 19, 2013 at 07:00:52AM -0400, Tom Taylor wrote:
In Behave, we are dealing with a potential logging architecture
where Device A generates the content but exports it in the form of
IPFIX records. Device B reformats the content into SYSLOG event
reports.
...
I would have to dig deeper into IPFIX to understand whether you can
always find out the hostname of the originator (since there might be
mediators involved as well) or whether there is another reliable way
to identify an IPFIX exporter.
/js
[PTT] Good point about IPFIX. RFC 5102 defines exporter IP address
fields, but not exporter name.
I think the not yet assigned "originalExporterIPv4Address" in
draft-ietf-ipfix-mediation-protocol may be closer to what you are
looking for.
Yes, see
http://tools.ietf.org/html/draft-ietf-ipfix-mediation-protocol-06#section-5
Regards, Benoit
Although that draft also has no originalExporterName
defined. Perhaps some name equivalents should be requested.
FWIW very recently 7012 obsoleted 5102 and "The IANA "IPFIX Information
Elements" registry [IANA-IPFIX] is the current complete reference for
IPFIX Information Elements." Still no exporterName element though. :-)
As to the original question I think it is much more useful if HOSTNAME
is Device A (the original source of the log)
-Andrew
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
.
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
