I'm also interested in this solution as I'm about to implement something
similar in our enterprise as well...
Either that or work on paying to develop something native to rsyslog to
accept the traffic and redistribute it.
On Fri, Jan 10, 2014 at 11:51 AM, Mike Hoskins (michoski) <
micho...@cisco.com> wrote:
> Still working out all the details, but have had luck using logstash behind
> lb to accept netflow inpup, then filter/output as desired...even back into
> rsyslog. ;-)
>
> input {
>
> # Syslog inputs
> udp {
> host => "a.b.c.d"
> port => 514
> type => "syslog"
> }
> tcp {
> host => "a.b.c.d"
> port => 514
> type => "syslog"
> }
>
> # Netflow input
> udp {
> host => "a.b.c.d"
> codec => netflow {}
> port => 2055
> type => "netflow"
> }
>
> # Dummy TCP ports for load balancer probes
> tcp {
> host => "a.b.c.d"
> port => 514
> type => "dummy"
> }
> tcp {
> host => "a.b.c.d"
> port => 2055
> type => "dummy"
> }
> }
>
>
> Last tcp bits being a hack to keep random garbage showing up from lb
> probes (my filters drop type dummy).
>
> -----Original Message-----
> From: Robert McIntyre <rjmci...@hotmail.com>
> Reply-To: rsyslog-users <rsyslog@lists.adiscon.com>
> Date: Friday, January 10, 2014 1:36 PM
> To: "rsyslog@lists.adiscon.com" <rsyslog@lists.adiscon.com>
> Subject: [rsyslog] Off-Topic: rsyslog-like equivalent for NetFlow?
>
> >Hello, folks! Apologies for this question; I know that it's off-topic,
> >but hope that it's not too far off. :)
> >
> >I have an infrastructure using rsyslog to receive, write to text file,
> >and forward syslog traffic. I now need to figure out a way to do the
> >same things with NetFlow data. I'm querying the internet, but haven't
> >found anything as turnkey as rsyslog is for syslog.
> >
> >Any suggestions?
> >
> >Thanks!
> >Robert
> >
> >
> >_______________________________________________
> >rsyslog mailing list
> >http://lists.adiscon.net/mailman/listinfo/rsyslog
> >http://www.rsyslog.com/professional-services/
> >What's up with rsyslog? Follow https://twitter.com/rgerhards
> >NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> >of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >DON'T LIKE THAT.
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
