Still working out all the details, but have had luck using logstash behind
lb to accept netflow input, then filter/output as desired...even back into
rsyslog.  ;-)

input {

  # Syslog inputs
  udp {
    host => "a.b.c.d"
    port => 514
    type => "syslog"
  }
  tcp {
    host => "a.b.c.d"
    port => 514
    type => "syslog"
  }

  # Netflow input
  udp {
    host => "a.b.c.d"
    codec => netflow {}
    port => 2055
    type => "netflow"
  }

  # Dummy TCP ports for load balancer probes
  tcp {
    host => "a.b.c.d"
    port => 514
    type => "dummy"
  }
  tcp {
    host => "a.b.c.d"
    port => 2055
    type => "dummy"
  }
}


Last tcp bits being a hack to keep random garbage from showing up from lb
probes (my filters drop type dummy).

-----Original Message-----
From: Robert McIntyre <rjmci...@hotmail.com>
Reply-To: rsyslog-users <rsyslog@lists.adiscon.com>
Date: Friday, January 10, 2014 1:36 PM
To: "rsyslog@lists.adiscon.com" <rsyslog@lists.adiscon.com>
Subject: [rsyslog] Off-Topic: rsyslog-like equivalent for NetFlow?

>Hello, folks!  Apologies for this question; I know that it's off-topic,
>but hope that it's not too far off. :)
> 
>I have an infrastructure using rsyslog to receive, write to text file,
>and forward syslog traffic.  I now need to figure out a way to do the
>same things with NetFlow data.  I'm querying the internet, but haven't
>found anything as turnkey as rsyslog is for syslog.
> 
>Any suggestions?
> 
>Thanks!
>Robert
> 
>                                         
>_______________________________________________
>rsyslog mailing list
>http://lists.adiscon.net/mailman/listinfo/rsyslog
>http://www.rsyslog.com/professional-services/
>What's up with rsyslog? Follow https://twitter.com/rgerhards
>NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>DON'T LIKE THAT.
