[syslog-ng] Support for netflow logs

Laszlo Szemere (lszemere) Laszlo.Szemere at oneidentity.com
Mon Dec 2 12:32:32 UTC 2019


Hello Raghu,
Netflow is indeed a binary protocol. Since Syslog-ng is a text based log management system, I think your only option is to find some kind of "gateway" for the Netflow traffic.

The gateway should be able to receive and convert those packets into a text format. (At this point you will certainly lose some information, since not all network related bytes can be converted into a printable character. Or you should use some encoding on it.)
This gateway might run as a stand-alone application, or you can integrate it into Syslog-ng as a program (or python) source.

Best regards,
Laci
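One shape such a gateway can take, as an added example (not code from the thread, from syslog-ng, or from One Identity): a small Python decoder for NetFlow v5 that validates each UDP datagram against the v5 wire layout (version field, record count, and total length must agree), drops anything that is not well-formed NetFlow, and renders each flow record as one printable key=value line. That validation step is what answers Raghu's question about filtering out non-NetFlow input: a plain syslog line or a NetFlow v9 packet arriving on the same port is rejected before anything is emitted. The function names (`parse_netflow_v5`, `netflow_to_lines`, `serve`), the sample datagram and the port number 2055 are this example's own choices; only v5 is handled, and IPv6 or v9/IPFIX templates are out of scope.

```python
import socket
import struct
import sys
from typing import Dict, List, Optional

# NetFlow v5 wire layout, network byte order: a 24-byte header followed by
# up to 30 fixed-size 48-byte flow records, in the field order of the v5 spec.
HEADER_FMT = "!HHIIIIBBH"
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24 bytes
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48 bytes
MAX_RECORDS = 30


def parse_netflow_v5(datagram: bytes) -> Optional[List[Dict]]:
    """Decode one UDP datagram into a list of flow dicts.

    Returns None when the datagram is not well-formed NetFlow v5: wrong version,
    zero or oversized record count, or a length that does not match the count.
    Rejecting here is what keeps non-NetFlow input out of the text stream."""
    if len(datagram) < HEADER_LEN:
        return None
    (version, count, sys_uptime, unix_secs, _unix_nsecs, flow_sequence,
     _engine_type, _engine_id, _sampling) = struct.unpack_from(HEADER_FMT, datagram, 0)
    if version != 5 or count == 0 or count > MAX_RECORDS:
        return None
    if len(datagram) != HEADER_LEN + count * RECORD_LEN:
        return None
    flows = []
    for i in range(count):
        (src, dst, nexthop, in_if, out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, tos, src_as, dst_as,
         src_mask, dst_mask, _pad2) = struct.unpack_from(RECORD_FMT, datagram, HEADER_LEN + i * RECORD_LEN)
        flows.append({
            "sequence": flow_sequence + i,   # header counter is the sequence of the first flow
            "exported": unix_secs,
            "uptime": sys_uptime,
            "srcaddr": socket.inet_ntoa(src), "srcport": sport,
            "dstaddr": socket.inet_ntoa(dst), "dstport": dport,
            "nexthop": socket.inet_ntoa(nexthop),
            "input": in_if, "output": out_if,
            "packets": pkts, "octets": octets,
            "first": first, "last": last,
            "proto": proto, "tcp_flags": tcp_flags, "tos": tos,
            "src_as": src_as, "dst_as": dst_as,
            "src_mask": src_mask, "dst_mask": dst_mask,
        })
    return flows


def flow_to_text(flow: Dict) -> str:
    """Render one flow as a single printable key=value line; no raw bytes survive."""
    order = ("sequence", "exported", "srcaddr", "srcport", "dstaddr", "dstport",
             "proto", "tcp_flags", "packets", "octets", "first", "last",
             "input", "output", "nexthop", "tos", "src_as", "dst_as", "src_mask", "dst_mask")
    parts = []
    for key in order:
        value = f"{flow[key]:#04x}" if key == "tcp_flags" else str(flow[key])
        parts.append(f"{key}={value}")
    return "netflow5 " + " ".join(parts)


def netflow_to_lines(datagram: bytes) -> List[str]:
    """Text lines for a valid v5 datagram; an empty list for anything else."""
    flows = parse_netflow_v5(datagram)
    return [] if flows is None else [flow_to_text(f) for f in flows]


def serve(port: int = 2055, bind_addr: str = "0.0.0.0") -> None:
    """Gateway loop: receive UDP datagrams and print one line per flow to stdout,
    which a syslog-ng program() source can read. Runs until interrupted."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        datagram, _peer = sock.recvfrom(65535)
        for line in netflow_to_lines(datagram):
            print(line)
        sys.stdout.flush()


def build_sample_datagram() -> bytes:
    """Constructed test input (not a real capture): one v5 datagram with two flows."""
    header = struct.pack(HEADER_FMT, 5, 2, 123456, 1574863380, 0, 1000, 0, 0, 0)
    https_flow = struct.pack(RECORD_FMT, socket.inet_aton("10.0.0.1"), socket.inet_aton("192.0.2.10"),
                             socket.inet_aton("0.0.0.0"), 1, 2, 10, 1500, 100000, 123000,
                             51000, 443, 0, 0x1b, 6, 0, 0, 0, 24, 24, 0)
    dns_flow = struct.pack(RECORD_FMT, socket.inet_aton("10.0.0.2"), socket.inet_aton("192.0.2.53"),
                           socket.inet_aton("0.0.0.0"), 1, 2, 1, 78, 110000, 110000,
                           40000, 53, 0, 0, 17, 0, 0, 0, 24, 24, 0)
    return header + https_flow + dns_flow


if __name__ == "__main__":
    # Decode the constructed sample; call serve() instead to run as a live gateway.
    for line in netflow_to_lines(build_sample_datagram()):
        print(line)
```

Run stand-alone it prints the two constructed flows; as a gateway, calling `serve()` turns it into the stand-alone application Laci describes, with syslog-ng consuming its stdout through a `program()` source and then applying normal filters to the `netflow5 ...` lines. Wrapping the same `parse_netflow_v5` in a syslog-ng `python()` source is the other route mentioned above and is not shown here.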

________________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Pal, Laszlo <vlad at vlad.hu>
Sent: Wednesday, November 27, 2019 14:03
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Support for netflow logs


I'm also interested in this. As I know there is no native netflow input in syslog-ng and when I did some research on it, it is not very easy. Logstash has a native netflow input and output, but it seems this is abandoned and not very stable. nxLog also supports netflow but I'm not sure if it is only in the enterprise version or it is available in the CE too.

L:


On Wed, Nov 27, 2019 at 1:58 PM Raghunath Adhyapak <funduraghu at gmail.com> wrote:
Hi,

I was trying to receive Netflow logs from firewall devices in syslog-ng and then forward to a central server.
Does syslog-ng support netflow such that I can validate and filter out all non-netflow log lines?
I also dumped some netflow logs to a file and found it to be binary. Therefore I haven't been able to ascertain the format and filtering mechanism.

Any pointers on this topic would be helpful.

Thanks
Raghu
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq