Avaya support

[rdrgporto]

Hi everyone,

I've been working with this codec with Cisco devices. Morever, I would like to work with Avaya devices, however, I have taken a look at Elastic documentacion and I have seen that any Avaya devices are supported.

Is there any possibility to add support for Avaya devices ?

Thanks in advance,

Regards :vulcan_salute:

[jorritfolmer]

Do you currently have Avaya devices sending netflow/ipfix that isn't properly decoded? If so, you can provide a pcap with Avaya netflow/ipfix traffic so we can fix that?

[rdrgporto]

Hi @jorritfolmer,

I have configured an Avaya VSP-9012 in order to send data by IPFIX. Regarding to Logstash, I did a simple conf:

  input {

    udp { port => 9995}

  }

  output {

    elasticsearch {
        hosts => ["localhost:9200"]
        index => "ipfix-%{+yyyy.ww}"
  }

I have attached an example of pcap (I did it by tcdump).

• example.txt

Thanks in advance,

Regards

[robcowart]

@rdrgporto can you provide the actual PCAP file, instead of a text representation of it?

[rdrgporto]

Hi @robcowart,

Here you are:

• avaya-ipfix.zip

Thanks in advance,

Regards

[jorritfolmer]

Hi @rdrgporto I checked your pcap but there aren't any flow packets in it, only templates. The templates decode fine btw.

• Can you perhaps generate some traffic in your lab setup so the Avaya also exports flows?
• Can you specify what Avaya device you have?

[rdrgporto]

Hi,

With Filebeat Input Netflow works :smiley:

Regards