It's not uncommon for a few Cisco IPFIX devices to send packets with flow length equals to 4, which essentially is the size of the Flow Set ID + Flow Set length frames, leaving the information/data somehow empty/malformed.
The current behavior is to ignore such packets and log the warning message - as reading them fails due to this record definition constraint, flooding the logs with invalid packet messages (Invalid netflow packet received (value '4' not as expected for obj.records[0].flowset_length)).
Allowing users to disable such warnings, or even processing the received empty events, using the flow set to fill the default properties, would be a nice addition to this codec.
It's not uncommon for a few Cisco IPFIX devices to send packets with flow length equals to 4, which essentially is the size of the Flow Set ID + Flow Set length frames, leaving the information/data somehow empty/malformed.
The current behavior is to ignore such packets and log the warning message - as reading them fails due to this record definition constraint, flooding the logs with invalid packet messages (
Invalid netflow packet received (value '4' not as expected for obj.records[0].flowset_length)).Allowing users to disable such warnings, or even processing the received empty events, using the flow set to fill the default properties, would be a nice addition to this codec.