Can't (yet) decode flowset id 3282 from source id 512

logstash-plugins / logstash-codec-netflow

Apache License 2.0

79 stars 88 forks source link

Can't (yet) decode flowset id 3282 from source id 512 #176

Open yankai312 opened 5 years ago

yankai312 commented 5 years ago

Version:logstash_6.7.1
Operating System:RED Hat 4.8.5-16
Sample Data: netflow.pcap.zip
Steps to Reproduce: [WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 3281 from source id 512, because no template to decode it with has been received. This message will usually go away after 1 minute. [WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 3282 from source id 512, because no template to decode it with has been received. This message will usually go away after 1 minute.

robcowart commented 5 years ago

What kind of device/app was the source of these flow records?

huangyingcheng commented 4 years ago

关于Can't (yet) decode flowset id 3282 from source id 512：请问你解决了嘛？

yankai312 commented 4 years ago

解决了，我自己写了个接收器

---Original--- From: "huangyingcheng"notifications@github.com Date: Mon, Aug 19, 2019 17:31 PM To: "logstash-plugins/logstash-codec-netflow"logstash-codec-netflow@noreply.github.com; Cc: "yankai312"147936661@qq.com;"Author"author@noreply.github.com; Subject: Re: [logstash-plugins/logstash-codec-netflow] Can't (yet) decode flowset id 3282 from source id 512 (#176)

关于Can't (yet) decode flowset id 3282 from source id 512：请问你解决了嘛？

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

robcowart commented 4 years ago

@yankai312 to help the rest of the community, can you share which device type these flows are from? Thanks.

zlandyberg commented 4 years ago

解决了，我自己写了个接收器 … ---Original--- From: "huangyingcheng"notifications@github.com Date: Mon, Aug 19, 2019 17:31 PM To: "logstash-plugins/logstash-codec-netflow"logstash-codec-netflow@noreply.github.com; Cc: "yankai312"147936661@qq.com;"Author"author@noreply.github.com; Subject: Re: [logstash-plugins/logstash-codec-netflow] Can't (yet) decode flowset id 3282 from source id 512 (#176) 关于Can't (yet) decode flowset id 3282 from source id 512：请问你解决了嘛？ — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

大佬能看一下你写的接收器么

tiangaojie commented 2 years ago

Can't (yet) decode flowset id 1315 from source id 2, because no template to decode it with has been received. This message will usually go away after 1 minute. 大佬能帮忙看一下这个报错什么原因呢吗

tiangaojie commented 2 years ago

@yankai312 请问， input { udp { port => 8067 type => netflow codec => netflow { versions => [9] } } } output { stdout {codec => rubydebug} elasticsearch { hosts => ["http://0.0.0.0:9200"] index=> "netstream-udp" } } error： Can't (yet) decode flowset id 1315 from source id 2, because no template to decode it with has been received. This message will usually go away after 1 minute.

problem： What does it say on your receiver。Maybe my receiver is writing the wrong way