I am experiencing an error on decoding messages from a Cisco ASR 1k.
Graylog version is Graylog v2.3.1+9f2c6ef, and Netflow Plugin is 2.3.0-rc.5.
Attached is the PCAP file for the messages.
Following is the error message:
2017-10-05T13:19:17.396-03:00 ERROR [DecodingProcessor] Unable to decode raw message RawMessage{id=ef8299f0-a9e8-11e7-aa1d-001a4a160183, journalOffset=68844, codec=netflow, payloadSize=102, timestamp=2017-10-05T16:19:17.391Z, remoteAddress=/172.30.30.51:54375} on input <59d5a3075c9eef39fabd64d0>.
2017-10-05T13:19:17.396-03:00 ERROR [DecodingProcessor] Error processing message RawMessage{id=ef8299f0-a9e8-11e7-aa1d-001a4a160183, journalOffset=68844, codec=netflow, payloadSize=102, timestamp=2017-10-05T16:19:17.391Z, remoteAddress=/172.30.30.51:54375}
java.lang.NullPointerException: null
at org.graylog.plugins.netflow.flows.NetFlowFormatter.toMessageString(NetFlowFormatter.java:54) ~[?:?]
at org.graylog.plugins.netflow.flows.NetFlowFormatter.toMessage(NetFlowFormatter.java:119) ~[?:?]
at org.graylog.plugins.netflow.codecs.NetFlowCodec.lambda$decodeV9$2(NetFlowCodec.java:160) ~[?:?]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) ~[?:1.8.0_144]
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175) ~[?:1.8.0_144]
at java.util.Collections$2.tryAdvance(Collections.java:4717) ~[?:1.8.0_144]
at java.util.Collections$2.forEachRemaining(Collections.java:4725) ~[?:1.8.0_144]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) ~[?:1.8.0_144]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) ~[?:1.8.0_144]
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) ~[?:1.8.0_144]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:1.8.0_144]
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) ~[?:1.8.0_144]
at org.graylog.plugins.netflow.codecs.NetFlowCodec.lambda$decodeV9$3(NetFlowCodec.java:161) ~[?:?]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) ~[?:1.8.0_144]
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374) ~[?:1.8.0_144]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) ~[?:1.8.0_144]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) ~[?:1.8.0_144]
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) ~[?:1.8.0_144]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:1.8.0_144]
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) ~[?:1.8.0_144]
at org.graylog.plugins.netflow.codecs.NetFlowCodec.decodeV9(NetFlowCodec.java:163) ~[?:?]
at org.graylog.plugins.netflow.codecs.NetFlowCodec.decodeMessages(NetFlowCodec.java:134) ~[?:?]
at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:144) ~[graylog.jar:?]
at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:87) [graylog.jar:?]
at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:74) [graylog.jar:?]
at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:42) [graylog.jar:?]
at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:143) [graylog.jar:?]
at com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66) [graylog.jar:?]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_144]
Hello,
I am experiencing an error on decoding messages from a Cisco ASR 1k.
Graylog version is Graylog v2.3.1+9f2c6ef, and Netflow Plugin is 2.3.0-rc.5.
Attached is the PCAP file for the messages.
Following is the error message:
Regards,
Sergio Villela netflow.zip