javadmohebbi / goNfCollector

A set of tools to collect & analyze netflow & export them to many DBs & Apps like InfluxDB time-series DB

Decode netflow9 IPv6 fails #36

Closed dbezjak closed 1 year ago

dbezjak commented 2 years ago

Hi Javad, great project. I have a problem with decoding netflow9 IPv6 traffic... debug log:

2022/11/09 11:52:25 influxdb2client E! Write error: invalid:
unable to parse 'dstHost,device=172.18.0.1,host=,countryLong=Invalid_IP_address.,countryShort=Invalid_IP_address.,region=Invalid_IP_address.,city=Invalid_IP_address. bytes=2609u,packets=9u 1667994745486804564': missing tag value
unable to parse 'dstDnsLookup,device=172.18.0.1,host=,domain=NA-,countryLong=Invalid_IP_address.,countryShort=Invalid_IP_address.,region=Invalid_IP_address.,city=Invalid_IP_address. bytes=2609u,packets=9u 1667994745486804564': missing tag value
unable to parse 'detail,device=172.18.0.1,proto=UDP,shost=,sport=443/UDP,scountryLong=Invalid_IP_address.,scountryShort=Invalid_IP_address.,sregion=Invalid_IP_address.,scity=Invalid_IP_address.,dhost=,dport=65148/UDP,dcountryLong=Invalid_IP_address.,dcountryShort=Invalid_IP_address.,dregion=Invalid_IP_address.,dcity=Invalid_IP_address. bytes=2609u,packets=9u 1667994745486859133': missing tag value
2022/11/09 11:52:25 influxdb2client E! Write error: invalid:
unable to parse 'dstHost,device=172.18.0.1,host=,countryLong=Invalid_IP_address.,countryShort=Invalid_IP_address.,region=Invalid_IP_address.,city=Invalid_IP_address. bytes=2609u,packets=9u 1667994745486804564': missing tag value
unable to parse

My netflow9 structure from nfcollector-logger:

NetFlow version 9 packet
  data set template 320, length: 332
    4 records:
      record 0:
        sourceIPv4Address: 172.81.239.11
        destinationIPv4Address: 91.246.224.1
        ipClassOfService: 0
        protocolIdentifier: 1
        sourceTransportPort: 0
        destinationTransportPort: 0
        icmpTypeCodeIPv4: 2048
        ingressInterface: 531
        vlanId: 13
        sourceIPv4PrefixLength: 20
        destinationIPv4PrefixLength: 32
        bgpSourceAsNumber: 45090
        bgpDestinationAsNumber: 34779
        ipNextHopIPv4Address: 0.0.0.0
        tcpControlBits: 0
        egressInterface: 16
        minimumTTL: 44
        maximumTTL: 44
        flowEndReason: 1
        ipVersion: 4
        bgpNextHopIPv4Address: 0.0.0.0
        flowDirection: 255
        dot1qVlanId: 0
        dot1qCustomerVlanId: 0
        fragmentIdentification: 0
        octetDeltaCount: 84
        packetDeltaCount: 1
        flowStartSysUpTime: 4153137984
        flowEndSysUpTime: 4153137984

NetFlow version 9 packet
  data set template 321, length: 137
    1 records:
      record 0:
        sourceIPv6Address: 2a00:1450:4014:80f::2004
        destinationIPv6Address: 2a01:261:0:1::b
        ipClassOfService: 0
        protocolIdentifier: 17
        sourceTransportPort: 443
        destinationTransportPort: 61535
        icmpTypeCodeIPv6: 0
        ingressInterface: 531
        vlanId: 13
        sourceIPv6PrefixLength: 48
        destinationIPv6PrefixLength: 128
        bgpSourceAsNumber: 15169
        bgpDestinationAsNumber: 34779
        ipNextHopIPv6Address: ::
        bgpNextHopIPv6Address: ::
        tcpControlBits: 0
        egressInterface: 200247833
        minimumTTL: 61
        maximumTTL: 62
        flowEndReason: 1
        flowDirection: 255
        dot1qVlanId: 0
        dot1qCustomerVlanId: 0
        fragmentIdentification: 0
        ipv6ExtensionHeaders: 0
        octetDeltaCount: 3839
        packetDeltaCount: 8
        flowStartSysUpTime: 4153139264
        flowEndSysUpTime: 4153139520

How is it possible to include other fields, like ASN...

Thanks for the help, kind regards, Darko.

javadmohebbi commented 1 year ago

Hi @dbezjak

Currently we support only IPv4 addresses. Our prev. version used to support ASN, but since there was a performance issue, I decided to remove it temporarily.

Regards,
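
The writes in the log above are rejected because each point carries an empty `host=` (or `shost=`/`dhost=`) tag, so the flow never reaches InfluxDB. The following is an added example, not goNfCollector's code: it picks the address from either the IPv4 or the IPv6 NetFlow v9 field (type IDs from RFC 3954) and leaves empty tags out of the line-protocol point. The names `flowAddr`, `linePoint` and `sampleRecord` are hypothetical, and the record is constructed from the addresses in the issue.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
	"strings"
)

// NetFlow v9 field type IDs (RFC 3954): IPv4 src/dst and IPv6 src/dst.
const ipv4Src, ipv4Dst, ipv6Src, ipv6Dst = 8, 12, 27, 28

// flowAddr returns the first of the two fields that holds a 4- or 16-byte address.
func flowAddr(rec map[uint16][]byte, v4, v6 uint16) (netip.Addr, bool) {
	for _, ft := range []uint16{v4, v6} {
		if a, ok := netip.AddrFromSlice(rec[ft]); ok {
			return a, true
		}
	}
	return netip.Addr{}, false
}

// esc escapes the characters that are special in line-protocol tag keys and values.
var esc = strings.NewReplacer(",", `\,`, "=", `\=`, " ", `\ `)

// linePoint renders one line-protocol point and leaves out tags whose value is empty.
func linePoint(m string, tags map[string]string, fields string, ts int64) string {
	keys := make([]string, 0, len(tags))
	for k, v := range tags {
		if v != "" {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys) // stable output order
	var b strings.Builder
	b.WriteString(m)
	for _, k := range keys {
		b.WriteString("," + esc.Replace(k) + "=" + esc.Replace(tags[k]))
	}
	fmt.Fprintf(&b, " %s %d", fields, ts)
	return b.String()
}

// sampleRecord is a constructed IPv6 record using the addresses from the issue.
func sampleRecord() map[uint16][]byte {
	s, d := netip.MustParseAddr("2a00:1450:4014:80f::2004"), netip.MustParseAddr("2a01:261:0:1::b")
	return map[uint16][]byte{ipv6Src: s.AsSlice(), ipv6Dst: d.AsSlice()}
}

func main() {
	dst, _ := flowAddr(sampleRecord(), ipv4Dst, ipv6Dst)
	tags := map[string]string{"device": "172.18.0.1", "host": dst.String(), "region": ""}
	fmt.Println(linePoint("dstHost", tags, "bytes=3839u,packets=8u", 1667994745486804564))
}
```
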