logstash-codec-netflow icon indicating copy to clipboard operation
logstash-codec-netflow copied to clipboard

Published 20 hours ago verified publisher icon logstash-plugins

Can't (yet) decode flowset id 3282 from source id 512

Open yankai312 opened this issue 5 years ago • 7 comments

  • Version:logstash_6.7.1
  • Operating System:RED Hat 4.8.5-16
  • Sample Data: netflow.pcap.zip
  • Steps to Reproduce: [WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 3281 from source id 512, because no template to decode it with has been received. This message will usually go away after 1 minute. [WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 3282 from source id 512, because no template to decode it with has been received. This message will usually go away after 1 minute.

yankai312 avatar Apr 10 '19 08:04 yankai312

What kind of device/app was the source of these flow records?

robcowart avatar Apr 30 '19 15:04 robcowart

关于Can't (yet) decode flowset id 3282 from source id 512:请问你解决了嘛?

huangyingcheng avatar Aug 19 '19 09:08 huangyingcheng

解决了,我自己写了个接收器

---Original--- From: "huangyingcheng"[email protected] Date: Mon, Aug 19, 2019 17:31 PM To: "logstash-plugins/logstash-codec-netflow"[email protected]; Cc: "yankai312"[email protected];"Author"[email protected]; Subject: Re: [logstash-plugins/logstash-codec-netflow] Can't (yet) decode flowset id 3282 from source id 512 (#176)

关于Can't (yet) decode flowset id 3282 from source id 512:请问你解决了嘛?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

yankai312 avatar Aug 19 '19 11:08 yankai312

@yankai312 to help the rest of the community, can you share which device type these flows are from? Thanks.

robcowart avatar Nov 16 '19 09:11 robcowart

解决了,我自己写了个接收器 ---Original--- From: "huangyingcheng"[email protected] Date: Mon, Aug 19, 2019 17:31 PM To: "logstash-plugins/logstash-codec-netflow"[email protected]; Cc: "yankai312"[email protected];"Author"[email protected]; Subject: Re: [logstash-plugins/logstash-codec-netflow] Can't (yet) decode flowset id 3282 from source id 512 (#176) 关于Can't (yet) decode flowset id 3282 from source id 512:请问你解决了嘛? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

大佬 能看一下你写的接收器么

zlandyberg avatar Jan 08 '20 14:01 zlandyberg

Can't (yet) decode flowset id 1315 from source id 2, because no template to decode it with has been received. This message will usually go away after 1 minute. 大佬能帮忙看一下这个报错什么原因呢吗

tiangaojie avatar Jun 08 '22 03:06 tiangaojie

@yankai312 请问, input { udp { port => 8067 type => netflow codec => netflow { versions => [9] } } } output { stdout {codec => rubydebug} elasticsearch { hosts => ["http://0.0.0.0:9200"] index=> "netstream-udp" } } error: Can't (yet) decode flowset id 1315 from source id 2, because no template to decode it with has been received. This message will usually go away after 1 minute.

problem: What does it say on your receiver。Maybe my receiver is writing the wrong way

tiangaojie avatar Jun 08 '22 03:06 tiangaojie