Migration from ipfixcol to ipfixcol2

[neotheonce]

We are using ipfixcol on CentOS7 now migrating to ipfixcol2 version. We have built it on Ubuntu 22

Following is current ipfixcol (old version) startup.xml

`<?xml version="1.0" encoding="UTF-8"?>

UDP collector Listening port 2055 2055 1800 1800 172.16.101.215 File writer UDP /tmp/ipfixcol_stat.log File writer UDP Write to /tmp folder kafka false no kafka-1:6667,kafka-2:6667,kafka-3:6667 ipfix-other false 8 no fid,tcpCB,sourceASN,destASN,nextHop,flowSmplr ipfix ipfix ipfix ipfix none yes

` I need help in creating equivalent ipfixcol2 startup.xml. I gone through ipfixcol2 and kafka documentations but could not find any pointer to get above working with new collector.

-- Thanks, P

[Lukas955]

Hi,

all you need to do is to combine UDP plugin and JSON plugin. Example configuration file is available here.

In you case, basic configuration should look like this (not tested):

<ipfixcol2>
  <!-- Input plugins -->
  <inputPlugins>
    <input>
      <name>UDP collector</name>
      <plugin>udp</plugin>
      <params>
        <localPort>2055</localPort>
        <templateLifeTime>1800</templateLifeTime>
        <optionsTemplateLifeTime>1800</optionsTemplateLifeTime>
        <localIPAddress>172.16.101.215</localIPAddress>
      </params>
    </input>
  </inputPlugins>

  <!-- Output plugins -->
  <outputPlugins>
    <output>
      <name>JSON output</name>
      <plugin>json</plugin>
      <params>
        <ignoreUnknown>false</ignoreUnknown>
        <nonPrintableChar>false</nonPrintableChar>
        <!-- see JSON plugin documentation for additional formating parameters -->

        <outputs>
          <kafka>
            <name>Send to Kafka</name>
            <brokers>kafka-1:6667,kafka-2:6667,kafka-3:6667</brokers>
            <topic>ipfix-other</topic>
            <blocking>false</blocking>
            <partition>unassigned</partition>

            <!-- Zero or more additional librdkafka properties -->
            <!--
            <property>
              <key>compression.codec</key>
              <value>lz4</value>
            </property>
            -->
          </kafka>        
        </outputs>
      </params>
    </output>
  </outputPlugins>
</ipfixcol2>

However, I noticed that you configuration contains additional parameters (e.g. ignoredFieldNames, useAvro, ...) that are not present in the previous plugin. You seem to be using some custom modifications.

Lukas

[neotheonce]

Hello Lukas,

Thanks for your prompt response. Leaving custom parameters aside, I am more interested in porting below configuration in ipfixcol2. Will this work if I copy paste it as it is in side tags ?. OR is there any other way to use specific topic based on incoming data?

                           <ignoredFieldNames>fid,tcpCB,sourceASN,destASN,nextHop,flowSmplr</ignoredFieldNames>
                            <topics>
                               <topic><name>ipfix</name><field id="16"/></topic>
                               <topic><name>ipfix</name><field enterprise="9" id="12236"/></topic>
                               <topic><name>ipfix</name><field enterprise="9" id="4246"/></topic>
                               <topic><name>ipfix</name><field enterprise="4294967295" id="4331"/></topic>
                            </topics> 

[Lukas955]

Hi,

Copy and paste will not work. These are parameters that even the original plugin (from the former ipfixcol) did not implement at all. Someone from your company probably added this functionality to their own copy of the plugin. I honestly have no idea what these parameters of yours are supposed to do.

Lukas