node-netflowv9 icon indicating copy to clipboard operation
node-netflowv9 copied to clipboard

Published 20 hours ago verified publisher icon delian

Is IPFIX going to be supported?

Open kmpm opened this issue 10 years ago • 5 comments

I know it's more like IPFIX = NetFlow V10 and this project says V9. Vyos seems to include IPFIX types within it's V9 netflow packets. So unless they are included this library seems unusable for that.

kmpm avatar Jul 01 '14 13:07 kmpm

Can you give me the spec of IPFIX so I can compare. Currently I have been using the Cisco own netflow v9 spec given on their web site?

delian avatar Jul 01 '14 16:07 delian

In Ciscos whitepaper about V9 package format ( http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html ) there is a link to a document describing type 128 to 32768.

http://www.iana.org/assignments/ipfix/ipfix.xhtml

kmpm avatar Jul 02 '14 06:07 kmpm

Hello, Generally all of the IPFIX fields (with the exception of the floating point ones) are now implemented. The floating points are decoded too, but not are not yet represented as floating point

delian avatar Feb 05 '16 21:02 delian

First thanks for the good work, I really need this IPFIX feature, as you may be busy I'm interested in adding it myself, but would you please provide me some general guides so I don't have to go through all of the codes.

rahbari avatar Jun 22 '17 05:06 rahbari

It is actually already supported. However not all fields are automatically decoded. From the standard fields all floating point are not decoded (I have no ipfix source so I am unable to verify the type). If those fields are not an issue, then you can use this library as is. If that is an issue there are two options - 1) write decoder yourself (use the given example in the Readme) or 2) send me a file with ipfix data collected by tcpdump -w file -s 0...

On Thu, 22 Jun 2017 at 07:35, rahbari [email protected] wrote:

First thanks for the good work, I really need this IPFIX feature, as you may be busy I'm interested in adding it myself, but would you please provide me some general guides so I don't have to go through all of the codes.

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/delian/node-netflowv9/issues/2#issuecomment-310280251, or mute the thread https://github.com/notifications/unsubscribe-auth/AAG7ZqLXNIJy7UdFECqy7v5TFYQWuE2cks5sGf0JgaJpZM4CJLV3 .

--

Delian

delian avatar Jun 22 '17 06:06 delian