Closed SirBreadc closed 4 months ago
@SirBreadc see my comment in #14902. It seems like your device sends IPFIX data encapsulated in Netflow v9 packets...
@SirBreadc can you please test the binary in #14910 available after CI finished all tests successfully? Let me know if this fixes the issue!
@srebhan Yep that fixed my issue :) and is a much better fix than what I had suggested above
@SirBreadc what is the image supposed to tell me? ;-)
haha sorry was in a hurry and just screenshotted the output in influx, but I can now see dscp value showing for both v9 and ipfix :) and the Version is being correctly marked. Before everything was showing as NetFlowV9 :) So the fix worked. How long does it normally take for fixes to be pushed up into a release build?
Next release is on or around March 10. You can use a nightly build until then once this is merged.
Relevant telegraf.conf
Logs from Telegraf
System info
Telegraf 1.30, Centos, CentOS Linux 7
Docker
No response
Steps to reproduce
1. Send NSEL from an FTD device with.
Expected behavior
initiator_packets and responder_packets are decoded
Actual behavior
initiator_packets and responder_packets fields are showing up as type_298 and type_299
Additional info
I tested a fix locally by moving
from
var fieldMappingsIPFIX = map[uint16][]fieldMapping{
to
var fieldMappingsNetflowCommon = map[uint16][]fieldMapping{
in telegraf/plugins/inputs/netflow/netflow_decoder.go
to fix the issue. :) Can anyone suggest other ways we could go about handling this?
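The symptom reported in this issue, as an added illustration: this is not Telegraf's code and not the change made in #14910. It parses a constructed NetFlow v9 template record and shows how element IDs 298 and 299 come out as type_298 and type_299 when only a v9 name table is consulted. The tables, function names and the `fallbackIPFIX` switch are hypothetical.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Constructed, minimal name tables (hypothetical, not Telegraf's real maps).
var namesV9 = map[uint16]string{1: "in_bytes", 2: "in_packets"}
var namesIPFIX = map[uint16]string{298: "initiator_packets", 299: "responder_packets"}

// resolve names an element ID seen in a NetFlow v9 template. Without the
// IPFIX fallback, IDs known only to the IPFIX table become type_<id>.
func resolve(id uint16, fallbackIPFIX bool) string {
	if n, ok := namesV9[id]; ok {
		return n
	}
	if fallbackIPFIX {
		if n, ok := namesIPFIX[id]; ok {
			return n
		}
	}
	return fmt.Sprintf("type_%d", id)
}

// parseTemplate reads one v9 template record: template ID, field count,
// then (type, length) pairs, each a big-endian uint16.
func parseTemplate(b []byte, fallbackIPFIX bool) ([]string, error) {
	if len(b) < 4 {
		return nil, fmt.Errorf("template header truncated")
	}
	count := int(binary.BigEndian.Uint16(b[2:4]))
	if len(b) < 4+4*count {
		return nil, fmt.Errorf("template declares %d fields, got %d bytes", count, len(b)-4)
	}
	names := make([]string, 0, count)
	for i := 0; i < count; i++ {
		names = append(names, resolve(binary.BigEndian.Uint16(b[4+4*i:]), fallbackIPFIX))
	}
	return names, nil
}

// Constructed template record: ID 256 with fields 2, 298 and 299.
var sampleTemplate = []byte{0x01, 0x00, 0x00, 0x03, 0x00, 0x02, 0x00, 0x04, 0x01, 0x2a, 0x00, 0x08, 0x01, 0x2b, 0x00, 0x08}

func main() {
	before, _ := parseTemplate(sampleTemplate, false)
	after, _ := parseTemplate(sampleTemplate, true)
	fmt.Println(before, after)
}
```

Queries and alerts keyed on initiator_packets or responder_packets return nothing while the fields arrive under the type_<id> names, so a check for unexpected type_ fields in the stored data catches this kind of decoding gap.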