Open q2dg opened 2 years ago
+1 for me - a netflow/ipfix plugin for fluentbit would be very helpful :)
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days. Maintainers can add the exempt-stale label.
Well, though it seems low priority, I think closing stale issues is not the way.
+1 for netflow/ipfix input
+1
+1
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days. Maintainers can add the exempt-stale label.
This issue was closed because it has been stalled for 5 days with no activity.
+1
Hello everyone. Please help us to prioritize this by describing your use cases, business impact, size of deployment, etc. Anything that can help us understand the need for this to be implemented.
I need to collect netflow for network analysis and used fluentd, but soon the CPU usage went high due to the high rate of received flows.
In the end I went with custom code in Go to speed up the collector.
A fluentbit native collector would help to leverage the other plugins and not leave the Fluent ecosystem.
We need to collect netflow/IPFIX for anomaly detection and network analysis.
We've got the recommendation from our security partner that we need to have an anomaly detector on specific servers/interfaces to be able to act on suspicious threats.
I think fluent-bit and opensearch will be a great mix of tools to accomplish this.
This feature will help us a lot in certificate compliance.
Size of deployment
:thinking: Well I'd like to deploy this on every server/interface but we got to be honest, we can't surveil everything :smile:
+1 for this. With Netflow/IPFIX I could do some serious security monitoring in the system, which I can't do today, since I would need to have access to our provider's gateway and firewall hardware logs to track in a relevant way, which I can't (since we're not alone on those in our provider). Having this, I could monitor and create anomaly detectors on outgoing IPs, monitor traffic patterns within the network, check for bandwidth anomalies and protocol usage without relying on the edge hardware. The amount of good stuff I could get from each node would be gold for me :) It would give me a good overview of the network traffic in the system both to detect technical issues, but also malicious activities within the network where ports and protocols are used against systems where they shouldn't. Having this in fluent-bit would remove a need for another third party product :)
Is your feature request related to a problem? Please describe. I want to process Netflow/IPFIX data. FileBeat and LogStash, for instance, have an input plugin to do so. FluentD too.
Describe the solution you'd like I'd like Fluent-Bit to have a Netflow/IPFIX input plugin to act as a Netflow/IPFIX collector.
Describe alternatives you've considered Use another log collector/forwarder.
Thanks!