graylog-plugin-netflow icon indicating copy to clipboard operation
graylog-plugin-netflow copied to clipboard

Published 20 hours ago verified publisher icon Graylog2

Support for IPFIX

Open rcord02 opened this issue 10 years ago • 7 comments

It would be awesome if you could add IPFIX support to this plugin. As it is a "open version of NetFlow" i think this is the right place for it. "NetFlow and IPFIX are flow or messaging technologies that are nearly identical. IPFIX is the official IETF standard and considered by some to be NetFlow v10. IPFIX allows for variable length strings and opens the technology up to allow vendors other than Cisco to export unique details about the traffic passing through their hardware." source: https://www.ipfixcollector.com/ To get a quick overview what it is: https://en.wikipedia.org/wiki/IP_Flow_Information_Export IPFIX compared to NetFlow v9: https://www.plixer.com/blog/netflow/what-is-ipfix-vs-netflow-v9/ related issue for logstash with further information for implementation stuff: https://github.com/logstash-plugins/logstash-codec-netflow/pull/10 Eventually helpful ipfix library: https://github.com/cameronkerrnz/libipfix

rcord02 avatar Sep 23 '15 15:09 rcord02

I would second this request.

59psi avatar Jan 29 '18 20:01 59psi

is a must

andreaconsadoriw avatar Feb 01 '18 05:02 andreaconsadoriw

We need this, pleeaaaaaase !!!

zez3 avatar Mar 09 '18 11:03 zez3

That would be great!

vladisluv avatar Jul 16 '18 12:07 vladisluv

+1

gwasserfall avatar Mar 20 '19 07:03 gwasserfall

is there any progress on this // Anders

dio99 avatar Apr 04 '19 14:04 dio99

I guess this ticket can be closed now. Thank you all for this https://docs.graylog.org/en/latest/pages/integrations/inputs/ipfix_input.html

zez3 avatar Feb 06 '20 19:02 zez3