search

irino / softflowd

softflowd: A flow-based network traffic analyser capable of Cisco NetFlow data export software.
https://github.com/irino/softflowd
Other
167 stars 29 forks source link

Report interfaceName in normal data and tempalte record #29

Closed pwp333 closed 4 years ago

pwp333 commented 4 years ago 
Report interfaceName in normal data and template of v9 record

Some popular netflow collectors like logstash and elasticsearch
take if_name from common netflow records only.

Add configure option --enable-ifname to report interfaceName
in normal data and template of v9 record.

Also fix if_name is empty string always since strlen(src_string) is 0 initially.
Need to use sizeof() instead.
irino commented 4 years ago

I can not merge this PR by following reasons: interfaceName is should be reported by optional data. Because the capture device is determined by command option, it is not changed per flow in softflowd implementation. Hence it make worse efficiency to send flows if each flow contains intefacename. If you want to merge this, please add configure option and getopt option to be able to choice with or without interfaceName in data.

pwp333 commented 4 years ago

Added configure option --enable-ifname (default=NO) as suggested. Default configure keeps current behavior. Tested with and without enable-ifname. Thanks.