Still working out all the details, but have had luck using logstash behind
lb to accept netflow input, then filter/output as desired...even back into
rsyslog. ;-)

input {
  # Syslog inputs
  udp {
    host => "a.b.c.d"
    port => 514
    type => "syslog"
  }
  tcp {
    host => "a.b.c.d"
    port => 514
    type => "syslog"
  }
  # Netflow input
  udp {
    host => "a.b.c.d"
    codec => netflow {}
    port => 2055
    type => "netflow"
  }
  # Dummy TCP ports for load balancer probes
  tcp {
    host => "a.b.c.d"
    port => 514
    type => "dummy"
  }
  tcp {
    host => "a.b.c.d"
    port => 2055
    type => "dummy"
  }
}

Last tcp bits being a hack to keep random garbage showing up from lb
probes (my filters drop type dummy).
-----Original Message-----
From: Robert McIntyre <[email protected]>
Reply-To: rsyslog-users <[email protected]>
Date: Friday, January 10, 2014 1:36 PM
To: "[email protected]" <[email protected]>
Subject: [rsyslog] Off-Topic: rsyslog-like equivalent for NetFlow?
>Hello, folks! Apologies for this question; I know that it's off-topic,
>but hope that it's not too far off. :)
>
>I have an infrastructure using rsyslog to receive, write to text file,
>and forward syslog traffic. I now need to figure out a way to do the
>same things with NetFlow data. I'm querying the internet, but haven't
>found anything as turnkey as rsyslog is for syslog.
>
>Any suggestions?
>
>Thanks!
>Robert
>
>
>_______________________________________________
>rsyslog mailing list
>http://lists.adiscon.net/mailman/listinfo/rsyslog
>http://www.rsyslog.com/professional-services/
>What's up with rsyslog? Follow https://twitter.com/rgerhards
>NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>DON'T LIKE THAT.