Open jamiehynds opened 2 years ago
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
We would love to see flow support... Currently we use the sflow logstash codec, but it has bugs resulting in performance issues which eventually result into Logstash erratic behaviour. Its also not supported.. So plus 1 for this....
Hi! We just realized that we haven't looked into this issue in a while. We're sorry! We're labeling this issue as Stale
to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1
. Thank you for your contribution!
Plus 1
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)
Our Netflow integration current supports several Netflow versions (e.g. 3,5,7,9) as well as IPFIX. Several vendors, such as Dell, only support sFlow output from their network devices. This issue will track our progress to support sFlow within our Netflow integration.
sFlow v5 is the current version, and has been globally supported since 2004. Relevant RFC can be viewed here: https://sflow.org/sflow_version_5.txt
For any users interested in sFlow support, any pcap you can provide with some sFlow samples, would be a bit help towards us supporting sFlow.