[syslog-ng] Support for netflow logs
Raghunath Adhyapak
funduraghu at gmail.com
Mon Dec 2 15:19:10 UTC 2019
Thanks.
On Mon, Dec 2, 2019, 18:02 Laszlo Szemere (lszemere) <
Laszlo.Szemere at oneidentity.com> wrote:
> Hello Raghu,
> Netflow is indeed a binary protocol. Since Syslog-ng is a text-based log
> management system, I think your only option is to find some kind of
> "gateway" for the Netflow traffic.
>
> The gateway should be able to receive and convert those packets into a
> text format. (At this point you will certainly lose some information,
> since not all network related bytes can be converted into a printable
> character. Or you should use some encoding on it.)
> This gateway might run as a standalone application, or you can integrate
> it into Syslog-ng as a program (or python) source.
>
> Best regards,
> Laci
>
> ________________________________________
> From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Pal,
> Laszlo <vlad at vlad.hu>
> Sent: Wednesday, November 27, 2019 14:03
> To: Syslog-ng users' and developers' mailing list
> Subject: Re: [syslog-ng] Support for netflow logs
>
> I'm also interested in this. As far as I know there is no native netflow
> input in syslog-ng and when I did some research on it, it is not very easy.
> Logstash has a native netflow input and output, but it seems this is
> abandoned and not very stable. nxLog also supports netflow but I'm not sure
> if it is only in the enterprise version or it is available in the CE too.
>
> L:
>
>
> On Wed, Nov 27, 2019 at 1:58 PM Raghunath Adhyapak
> <funduraghu at gmail.com> wrote:
> Hi,
>
> I was trying to receive Netflow logs from firewall devices in syslog-ng
> and then forward to a central server.
> Does syslog-ng support netflow such that I can validate and filter out all
> non-netflow log lines?
> I also dumped some netflow logs to a file and found it to be binary.
> Therefore I haven't been able to ascertain the format and filtering
> mechanism.
>
> Any pointers on this topic would be helpful.
>
> Thanks
> Raghu
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
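The "gateway" approach from the quoted reply, sketched as an added example that is not part of the thread or of syslog-ng: a decoder that validates a datagram as NetFlow and emits one text line per flow, dropping anything else. It assumes NetFlow v5 (the fixed-layout version; the thread does not say which version the firewalls export), and UDP port 2055 and the key=value line format are likewise assumptions.

```python
import socket
import struct

# NetFlow v5 layout (big-endian): 24-byte header + count * 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")


def decode_v5(datagram):
    """Return one key=value text line per flow record, or [] when the
    datagram is not a well-formed NetFlow v5 export (so it can be dropped)."""
    if len(datagram) < HEADER.size:
        return []
    version, count, _uptime, unix_secs, _nsecs, seq, *_ = HEADER.unpack_from(datagram)
    # v5 carries 1..30 records; the length must match the declared count exactly.
    if version != 5 or not 1 <= count <= 30:
        return []
    if len(datagram) != HEADER.size + count * RECORD.size:
        return []
    lines = []
    for i in range(count):
        (src, dst, _hop, _in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, flags, proto, _tos, _sas, _das, _smask, _dmask) = \
            RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        lines.append(
            f"netflow ts={unix_secs} seq={seq} "
            f"src={socket.inet_ntoa(src)} sport={sport} "
            f"dst={socket.inet_ntoa(dst)} dport={dport} "
            f"proto={proto} tcp_flags=0x{flags:02x} packets={pkts} bytes={octets}"
        )
    return lines


def sample_datagram():
    """Constructed export: one TCP flow 192.0.2.10:51514 -> 198.51.100.7:443."""
    header = HEADER.pack(5, 1, 1000, 1575299950, 0, 42, 0, 0, 0)
    record = RECORD.pack(socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"),
                         socket.inet_aton("0.0.0.0"), 1, 2, 10, 1500, 100, 900,
                         51514, 443, 0x1B, 6, 0, 0, 0, 24, 24)
    return header + record


if __name__ == "__main__":
    # Gateway loop: UDP in, text lines on stdout (e.g. read by a program() source).
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 2055))  # assumed collector port
    while True:
        data, _peer = sock.recvfrom(65535)
        for line in decode_v5(data):
            print(line, flush=True)
```

NetFlow v9 and IPFIX are template-based and need a stateful decoder, so this layout check does not carry over to them.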