elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

Netflow | Add support for sFlow #3203

Open jamiehynds opened 2 years ago

jamiehynds commented 2 years ago

Our Netflow integration currently supports several Netflow versions (e.g. 3,5,7,9) as well as IPFIX. Several vendors, such as Dell, only support sFlow output from their network devices. This issue will track our progress to support sFlow within our Netflow integration.

sFlow v5 is the current version, and has been globally supported since 2004. Relevant RFC can be viewed here: https://sflow.org/sflow_version_5.txt

For any users interested in sFlow support, any pcap you can provide with some sFlow samples would be a big help towards us supporting sFlow.

elasticmachine commented 2 years ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

willemdh commented 2 years ago

We would love to see flow support... Currently we use the sflow logstash codec, but it has bugs resulting in performance issues which eventually result in erratic Logstash behaviour. It's also not supported. So plus 1 for this...

botelastic[bot] commented 1 year ago

Hi! We just realized that we haven't looked into this issue in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1:. Thank you for your contribution!

willemdh commented 1 year ago

Plus 1

elasticmachine commented 5 months ago

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)