[syslog-ng] Support for netflow logs

Raghunath Adhyapak funduraghu at gmail.com
Tue Dec 3 13:07:36 UTC 2019


Hi,

I observe that timestamp and host are getting added to my netflow log before
being forwarded, even though I am using the pure tcp driver for output and not syslog.

Raghu

On Mon, Dec 2, 2019, 20:49 Raghunath Adhyapak <funduraghu at gmail.com> wrote:

> Thanks.
>
> On Mon, Dec 2, 2019, 18:02 Laszlo Szemere (lszemere) <Laszlo.Szemere at oneidentity.com> wrote:
>
>> Hello Raghu,
>>  Netflow is indeed a binary protocol. Since Syslog-ng is a text based log
>> management system, I think your only option is to find some kind of
>> "gateway" for the Netflow traffic.
>>
>>  The gateway should be able to receive and convert those packets into a
>> text format. (At this point you will certainly lose some information,
>> since not all network related bytes can be converted into a printable
>> character. Or you should use some encoding on it.)
>>  This gateway might run as a stand-alone application, or you can
>> integrate it into Syslog-ng as a program (or python) source.
>>
>> Best regards,
>> Laci
>>
>> ________________________________________
>> From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Pal,
>> Laszlo <vlad at vlad.hu>
>> Sent: Wednesday, November 27, 2019 14:03
>> To: Syslog-ng users' and developers' mailing list
>> Subject: Re: [syslog-ng] Support for netflow logs
>>
>> I'm also interested in this. As I know there is no native netflow input
>> in syslog-ng and when I did some research on it, it is not very easy.
>> Logstash has a native netflow input and output, but it seems this is
>> abandoned and not very stable. nxLog also supports netflow but I'm not sure
>> if it is only in the enterprise version or it is available in the CE too.
>>
>> L:
>>
>>
>> On Wed, Nov 27, 2019 at 1:58 PM Raghunath Adhyapak <funduraghu at gmail.com> wrote:
>> Hi,
>>
>> I was trying to receive Netflow logs from firewall devices in syslog-ng
>> and then forward to a central server.
>> Does syslog-ng support netflow such that I can validate and filter out
>> all non-netflow log lines?
>> I also dumped some netflow logs to a file and found it to be binary.
>> Therefore I haven't been able to ascertain the format and filtering
>> mechanism.
>>
>> Any pointers on this topic would be helpful.
>>
>> Thanks
>> Raghu
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
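An added example, not part of this thread and not syslog-ng's own code, of the "gateway" Laci describes above and of the validation Raghu asked about: a small Python program that reads NetFlow v5 datagrams, checks the export header so anything that is not a well-formed v5 export is dropped rather than forwarded, and writes one printable key=value line per flow record to stdout, which is exactly what a syslog-ng program() source consumes. The header and record layout is the published NetFlow v5 field order; the two-flow sample packet, its addresses, ports and timestamp, the script name and the listening port are all constructed for the example.

```python
"""netflow_gateway.py: NetFlow v5 -> text gateway for a syslog-ng program() source.

Added example for this mailing-list thread, not part of syslog-ng. Field layout
follows the published NetFlow v5 header/record format; all sample data is constructed.
"""
import socket
import struct
import sys
from datetime import datetime, timezone

V5_HEADER = struct.Struct("!HHIIIIBBH")             # 24-byte export header
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48-byte flow record
V5_MAX_RECORDS = 30                                 # protocol limit per datagram
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def int_to_ip(n):
    return socket.inet_ntoa(struct.pack("!I", n))


def ip_to_int(s):
    return struct.unpack("!I", socket.inet_aton(s))[0]


def parse_v5(datagram):
    """Decode one NetFlow v5 export into a list of flow dicts.

    Returns None when the datagram is not a well-formed v5 export (wrong
    version, bad record count, truncated or oversized body); that is the hook
    for dropping non-NetFlow input instead of forwarding it.
    """
    if len(datagram) < V5_HEADER.size:
        return None
    (version, count, _uptime, unix_secs, _nsecs,
     flow_seq, _engine_type, _engine_id, _sampling) = V5_HEADER.unpack_from(datagram)
    if version != 5 or not 1 <= count <= V5_MAX_RECORDS:
        return None
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        return None
    exported = datetime.fromtimestamp(unix_secs, tz=timezone.utc).isoformat()
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "exported": exported,
            "seq": flow_seq + i,             # per-flow sequence number, for gap detection
            "src": int_to_ip(f[0]), "dst": int_to_ip(f[1]), "nexthop": int_to_ip(f[2]),
            "in_if": f[3], "out_if": f[4],
            "packets": f[5], "bytes": f[6],
            "duration_ms": f[8] - f[7],      # last - first, in router uptime milliseconds
            "sport": f[9], "dport": f[10],
            "tcp_flags": f[12],
            "proto": PROTO_NAMES.get(f[13], str(f[13])),
            "tos": f[14],
        })
    return flows


def to_text(flow):
    """One printable line per flow; key=value so syslog-ng's kv-parser() can split it later."""
    return " ".join(f"{k}={v}" for k, v in flow.items())


def build_sample_packet():
    """Constructed two-flow v5 export (addresses, ports and timestamp are made up)."""
    header = V5_HEADER.pack(5, 2, 123456, 1575378456, 0, 1000, 0, 0, 0)
    https_flow = V5_RECORD.pack(ip_to_int("10.0.0.5"), ip_to_int("192.0.2.10"), 0,
                                1, 2, 12, 6400, 100000, 101500, 51514, 443,
                                0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    dns_flow = V5_RECORD.pack(ip_to_int("10.0.0.7"), ip_to_int("192.0.2.53"), 0,
                              1, 2, 1, 76, 100200, 100200, 40123, 53,
                              0, 0, 17, 0, 0, 0, 24, 24, 0)
    return header + https_flow + dns_flow


def serve(port):
    """Receive exports on UDP and write text lines to stdout for a program() source."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        datagram, (peer, _) = sock.recvfrom(65535)
        flows = parse_v5(datagram)
        if flows is None:  # not NetFlow v5: log the drop, never forward it
            print(f"exporter={peer} dropped=non-netflow-v5 len={len(datagram)}",
                  file=sys.stderr)
            continue
        for flow in flows:
            print(f"exporter={peer} " + to_text(flow), flush=True)


if __name__ == "__main__":
    if len(sys.argv) == 3 and sys.argv[1] == "--listen":
        serve(int(sys.argv[2]))
    else:  # offline demo on the constructed packet plus one non-NetFlow input
        for flow in parse_v5(build_sample_packet()):
            print(to_text(flow))
        print("plain syslog text parsed as:", parse_v5(b"<34>Dec  3 13:07:36 fw sshd: x"))
```

With the script saved as netflow_gateway.py (an assumed name) it would be wired in as `source s_netflow { program("python3 netflow_gateway.py --listen 2055"); };`, with the port matching the exporter's configuration. The parser covers NetFlow v5 only; v9 and IPFIX are template-based and need the template records decoded first. On the separate point of the tcp() destination adding a timestamp and host: syslog-ng's network destinations apply a default template that prepends those fields, and setting `template("${MSG}\n")` on the destination forwards the message text alone.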

