robcowart / elastiflow

Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack

sflow unknown format #658

Closed es-x closed 2 years ago

es-x commented 3 years ago

Hi, cannot receive sflow data

[WARN ][logstash.codecs.sflow ][elastiflow][9fc264f1e27ac9d49418c2d1c6c46501f9ee9edcaacd4bd1f95c7f0e99cc7b66] Unknown sample_flow record: entreprise 8800, format 2

robcowart commented 3 years ago

It looks like you are receiving sFlow that isn't supported by the codec. You should probably open an issue for the codec here... https://github.com/path-network/logstash-codec-sflow

I do find the enterprise ID of 8800 somewhat curious. 8800 is "YH Consulting", which I haven't seen before. I would usually expect this to be a networking vendor. From which kind of device or app are these records being received? If you can share a PCAP of the sFlow records, I can take a closer look just to confirm.
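To make the warning in this thread concrete, the following added example (not code from the logstash-codec-sflow project or from ElastiFlow) decodes the header of sFlow v5 flow records the way the sFlow v5 specification defines it: each record opens with a 32-bit data_format word whose upper 20 bits are the vendor enterprise number and lower 12 bits the record format, followed by a 32-bit length and that many bytes of opaque data. The set of "known" formats, the record builder and the two sample records are assumptions constructed for the demonstration; a decoder that skips unknown records by their declared length, rather than guessing their layout, is what lets it keep parsing the rest of the datagram when a vendor-specific record such as enterprise 8800, format 2 shows up.

```python
import struct
from dataclasses import dataclass
from typing import List

# Record formats this toy decoder "understands", keyed by (enterprise, format).
# Assumption: only the standard raw packet header (0, 1) and extended switch
# (0, 1001) records are treated as known here; real codecs support many more.
KNOWN_FORMATS = {(0, 1): "raw_packet_header", (0, 1001): "extended_switch"}


@dataclass
class FlowRecord:
    enterprise: int
    format: int
    length: int
    payload: bytes

    @property
    def known(self) -> bool:
        return (self.enterprise, self.format) in KNOWN_FORMATS


def parse_flow_records(buf: bytes, count: int) -> List[FlowRecord]:
    """Walk `count` sFlow v5 flow records laid out back to back in `buf`.

    Each record starts with a 32-bit data_format word (enterprise in the upper
    20 bits, format in the lower 12 bits), then a 32-bit length and `length`
    bytes of record data. Unknown records are skipped by their declared length
    so one unsupported vendor record does not derail the whole sample.
    """
    records = []
    offset = 0
    for _ in range(count):
        if offset + 8 > len(buf):
            raise ValueError("truncated record header")
        data_format, length = struct.unpack_from("!II", buf, offset)
        offset += 8
        if offset + length > len(buf):
            raise ValueError("record length exceeds buffer")
        payload = buf[offset:offset + length]
        offset += length
        records.append(FlowRecord(data_format >> 12, data_format & 0xFFF, length, payload))
    return records


def describe(rec: FlowRecord) -> str:
    """Name a known record, or produce a warning in the style of the codec's log line."""
    if rec.known:
        return KNOWN_FORMATS[(rec.enterprise, rec.format)]
    return f"Unknown sample_flow record: enterprise {rec.enterprise}, format {rec.format}"


def build_record(enterprise: int, fmt: int, payload: bytes) -> bytes:
    """Encode one record header plus payload (used only to construct sample input)."""
    return struct.pack("!II", (enterprise << 12) | (fmt & 0xFFF), len(payload)) + payload


# Constructed sample: a standard record followed by a vendor record carrying the
# enterprise/format pair from the warning in this issue. The payload bytes are
# made up; only the headers matter for the decoder.
SAMPLE = build_record(0, 1, b"\x00" * 16) + build_record(8800, 2, b"\xAB" * 12)

if __name__ == "__main__":
    for rec in parse_flow_records(SAMPLE, 2):
        print(describe(rec))
```

Running it prints the name of the first record and then the same kind of "Unknown sample_flow record" warning seen above for the second; checking the enterprise number against the IANA private enterprise registry is the quickest way to tell which vendor's extension the exporter is sending.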

es-x commented 3 years ago

Added pcap: netflow.pcap.zip

robcowart commented 2 years ago

This issue is being closed as this legacy version of ElastiFlow is now deprecated and is to be archived. Please try the new ElastiFlow, request a free Basic Tier license, and join the ElastiFlow Community Slack. Thank you.