lspgn
commented
2 years ago Hello, This is unlikely to be mapped into a protobuf field in the current version. It is defined in the code: a decoded sample will have the natEvent field and value can be accessed before it's converted to a protobuf but this requires to use the library and not the binary.
Eventually, I am thinking of a solution for GoFlow2 to map any field from a custom configuration into the output formats but this will be a lot of work.
cbahcevan
I can't see the definition of IPFIX_FIELD_natEvent in the source code and in the raw output. Is it going to be added as an IPFIX output?
In the link below I can see its reference number.
IPFIX_FIELD_natEvent = 230
https://github.com/cloudflare/goflow/blob/ddd88a7faa89bd9a8e75f0ceca17cbb443c14a8f/decoders/netflow/ipfix.go