Cool, thanks for the reply!

Something in the distant future but something I've been asked to look at
solving in an enterprise environment to push the current forwarding
infrastructure (Lancope) out for something more cost
effective...

I think if I were to request something like this be developed I would hope
to keep it open source for maintenance reasons and I would also focus on a
relatively recent/common subset of netflow versions.

I knew netflow wouldn't be simple but there is also a lot of interest in
our infrastructure as a general solution to ignore the possibilities and
cost savings.


On Sun, Nov 3, 2013 at 9:49 AM, David Lang <[email protected]> wrote:

> by the way, net-snmp includes a program to receive SNMP traps and send
> them to syslog, snmptrapd. so you may already have all the pieces available
> to handle SNMP traps.
>
> looking at netflow, it looks like a mess to parse, and current versions
> use SCTP instead of UDP for their transport. This just means that
> implementing input and output modules is probably more work than I was
> thinking when I wrote the message below.
>
> David Lang
>
>
> On Sun, 3 Nov 2013, David Lang wrote:
>
>> Date: Sun, 3 Nov 2013 08:25:12 -0800 (PST)
>> From: David Lang <[email protected]>
>> Reply-To: rsyslog-users <[email protected]>
>> To: rsyslog-users <[email protected]>
>> Subject: Re: [rsyslog] Question on 600$ dev cost.
>>
>>
>> First off, to be clear, I don't work for Adiscon. They are Rainer's
>> employer and the primary sponsors of Rsyslog. That said, Rsyslog is
>> open source, so you can hire anyone to write something for you, so you could
>> hire Pavel, me or anyone else to write something. Adiscon professional
>> services can probably write it faster than the rest of us as they are the
>> most familiar with the code, but you don't have to limit yourself to them.
>> It is nice to throw business their way to thank them for their work, but if
>> they are too backed up anything goes :-)
>>
>>
>> There is already an omsnmp module, although it may need to be modified to
>> do what you are looking for.
>>
>> Rainer and Adiscon tend to quote in Euros, not $, but you'll have to wait
>> and see what he has to say as far as the price goes, I think you're asking
>> for more items than a single ~$600 project, but we'll have to see.
>>
>>
>> It sounds like what you are looking for is the following:
>>
>> - an input module that will accept SNMP traps and convert them to syslog
>>   messages
>>
>> - an output module that will convert specially formatted syslog messages to
>>   SNMP traps (this may just be a modification/update of the existing omsnmp
>>   module)
>>
>> - an input module that will accept netflow messages and convert them to
>>   syslog messages
>>
>> - an output module that will convert messages to netflow format and send
>>   them
>>
>> netflow has a lot of different versions of the protocol, which versions
>> did you want to support? do you need to be able to accept input in one
>> format and send output in a different format?
>>
>> what message rate are you thinking of in terms of netflow messages?
>>
>>
>>
>>
>> I would be thinking in terms of having the syslog message be a JSON
>> formatted message containing all the pieces needed to recreate the original
>> message, and the outputs looking for those specific tags.
>>
>> Given that the inputs are UDP, and they are one message per packet, it
>> may not require full input modules, but rather just new parser modules that
>> can be run from the existing imudp module
>>
>> I think I've seen comments that parser modules would be ~500 Euros for
>> Adiscon/Rainer to write.
>>
>> David Lang
>>
>>
>> On Sun, 3 Nov 2013, Nick Syslog wrote:
>>
>>> Rainer/David,
>>>
>>> I was curious if the 600$ development costs for an "open" effort would be
>>> possible for something like netflow/snmp inputs and outputs?
>>>
>>> Have had a lot of conversations lately with co-workers about the
>>> possibility of having SNMP and Netflow routed via rsyslog but I know that
>>> both of these aren't syslog either so I wanted to ultimately see what the
>>> viability of something like this is first.
>>>
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
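An added illustration of the design proposed in the quoted message (one UDP datagram in, a JSON message carrying every field needed to recreate it, and an output side that rebuilds the datagram); this is not code from the thread or from rsyslog. It assumes NetFlow v5, which the thread does not settle on, and all function and field names are hypothetical.

```python
import json
import socket
import struct

HDR = struct.Struct("!HHIIIIBBH")                 # 24-byte header (v5 is this example's assumption)
REC = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte v5 flow record
HDR_KEYS = ("version", "count", "sys_uptime", "unix_secs", "unix_nsecs",
            "flow_sequence", "engine_type", "engine_id", "sampling")
REC_KEYS = ("srcaddr", "dstaddr", "nexthop", "input", "output", "packets",
            "octets", "first", "last", "srcport", "dstport", "tcp_flags",
            "prot", "tos", "src_as", "dst_as", "src_mask", "dst_mask")
MAX_RECORDS = 30  # a v5 export datagram carries at most 30 records


def parse_v5(datagram: bytes) -> str:
    """Validate one UDP payload and return it as a JSON string (names are hypothetical)."""
    if len(datagram) < HDR.size:
        raise ValueError("short header")
    header = dict(zip(HDR_KEYS, HDR.unpack_from(datagram)))
    if header["version"] != 5:
        raise ValueError("not NetFlow v5")
    count = header["count"]
    # Never trust the sender's count: it must be in range and match the length.
    if not 1 <= count <= MAX_RECORDS or len(datagram) != HDR.size + count * REC.size:
        raise ValueError("count does not match datagram length")
    flows = []
    for i in range(count):
        rec = dict(zip(REC_KEYS, REC.unpack_from(datagram, HDR.size + i * REC.size)))
        for key in ("srcaddr", "dstaddr", "nexthop"):
            rec[key] = socket.inet_ntoa(rec[key])
        flows.append(rec)
    return json.dumps({"netflow": header, "flows": flows}, sort_keys=True)


def build_v5(message: str) -> bytes:
    """Output side: rebuild the export datagram from the JSON fields."""
    doc = json.loads(message)
    out = HDR.pack(*(doc["netflow"][k] for k in HDR_KEYS))
    for rec in doc["flows"]:
        vals = [socket.inet_aton(rec[k]) if k.endswith("addr") or k == "nexthop"
                else rec[k] for k in REC_KEYS]
        out += REC.pack(*vals)
    return out

# Constructed sample: one flow, 10.0.0.1:51515 -> 192.0.2.10:443, TCP.
SAMPLE = HDR.pack(5, 1, 360000, 1383495912, 0, 42, 0, 0, 0) + REC.pack(
    socket.inet_aton("10.0.0.1"), socket.inet_aton("192.0.2.10"),
    socket.inet_aton("0.0.0.0"), 1, 2, 12, 3400, 350000, 359000,
    51515, 443, 0x1B, 6, 0, 0, 0, 24, 24)
```

Because the payload arrives over UDP from whatever can reach the port, the length and count checks run before any record is unpacked; padding bytes are not carried in the JSON and are rebuilt as zeros.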