IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

« multiline nmap »

› ›

netflow

edit

netflow

edit

This is a community-maintained plugin!

The "netflow" codec is for decoding Netflow v5/v9 flows.

Synopsis

edit

This plugin supports the following configuration options:

Required configuration options:

netflow {
  }

Available configuration options:

Setting	Input type	Required	Default value
`cache_ttl`	number	No	`4000`
`definitions`	a valid filesystem path	No
`target`	string	No	`"netflow"`
`versions`	array	No	`[5, 9]`

Details

edit

`cache_ttl`

edit

Value type is number
Default value is 4000

Netflow v9 template cache TTL (minutes)

`definitions`

edit

Value type is path
There is no default value for this setting.

Override YAML file containing Netflow field definitions

Each Netflow field is defined like so:

id:
- default length in bytes
- :name
id:
- :uintN or :ip4_addr or :ip6_addr or :mac_addr or :string
- :name
id:
- :skip

See https://github.com/logstash-plugins/logstash-codec-netflow/blob/master/lib/logstash/codecs/netflow/netflow.yaml for the base set.

`target`

edit

Value type is string
Default value is "netflow"

Specify into what field you want the Netflow data.

`versions`

edit

Value type is array
Default value is [5, 9]

Specify which Netflow versions you will accept.

« multiline nmap »