After enabling NetFlow, we are not receiving DNS logs anymore.
Kindly See the picture below
Regards,
Syslog Source Output as JSON Format
Re: Syslog Source Output as JSON Format
Hi,
After enabling NetFlow, we are not receiving DNS logs anymore.
Kindly See the picture below
Regards,
After enabling NetFlow, we are not receiving DNS logs anymore.
Kindly See the picture below
Regards,
Re: Syslog Source Output as JSON Format
Modify the filter so that dns logs do not hit the kv filter:
Code: Select all
if [type] != 'dnslog'{
kv {
exclude_keys => [ "host" ]
}
}As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Syslog Source Output as JSON Format
Hi Support,
Thank you for reply, For the main issue, we are using Netflow v9 and the logs still look like this:
Another question is, should we use this for input?
udp {
type => 'nflow'
port => 2055
}
Or this?
udp {
type => 'nflow'
port => 2055
codec => netflow {
versions => [9]
Regards,
TCSDI
Thank you for reply, For the main issue, we are using Netflow v9 and the logs still look like this:
Another question is, should we use this for input?
udp {
type => 'nflow'
port => 2055
}
Or this?
udp {
type => 'nflow'
port => 2055
codec => netflow {
versions => [9]
Regards,
TCSDI
Re: Syslog Source Output as JSON Format
Code: Select all
udp {
type => 'nflow'
port => 2059
codec => netflow {
versions => [5,9]
}
}As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Syslog Source Output as JSON Format
Hi Cdienger,
We already applied the input and filter but NetFlow logs are still unreadable.
What do we need to make this show Source, Destination, Port, etc.?
We really need to integrate Netflow to our logs.
udp {
type => 'nflow'
port => 2059
codec => netflow {
versions => [5,9]
}
----------------------------------------------------------
if [type] != 'dnslog'{
kv {
exclude_keys => [ "host" ]
}
}
Regards,
Christian
We already applied the input and filter but NetFlow logs are still unreadable.
What do we need to make this show Source, Destination, Port, etc.?
We really need to integrate Netflow to our logs.
udp {
type => 'nflow'
port => 2059
codec => netflow {
versions => [5,9]
}
----------------------------------------------------------
if [type] != 'dnslog'{
kv {
exclude_keys => [ "host" ]
}
}
Regards,
Christian
Re: Syslog Source Output as JSON Format
What do these events look like in the dashboard? Expand an event in the dashboard so that we can see all fields and provide a screenshot.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Syslog Source Output as JSON Format
Hi,
Please see DNS logs go down after the application of the new filters.
Regards
Please see DNS logs go down after the application of the new filters.
Regards
Re: Syslog Source Output as JSON Format
What 'new filters'? The previous message indicated that the filters I last suggested were already in the configuration and we were trying to determine what needs to be done to display netflow log properly.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Syslog Source Output as JSON Format
Hi Cdienger,
We already applied the input and filter but NetFlow logs are still unreadable.
What do we need to make this show Source, Destination, Port, etc.?
We really need to integrate Netflow to our logs.
We use this code that you give it to us.
udp {
type => 'nflow'
port => 2059
codec => netflow {
versions => [5,9]
}
----------------------------------------------------------
if [type] != 'dnslog'{
kv {
exclude_keys => [ "host" ]
}
}
Regards,
(REPOST)
We already applied the input and filter but NetFlow logs are still unreadable.
What do we need to make this show Source, Destination, Port, etc.?
We really need to integrate Netflow to our logs.
We use this code that you give it to us.
udp {
type => 'nflow'
port => 2059
codec => netflow {
versions => [5,9]
}
----------------------------------------------------------
if [type] != 'dnslog'{
kv {
exclude_keys => [ "host" ]
}
}
Regards,
(REPOST)
Re: Syslog Source Output as JSON Format
You're missing a } at the end of your udp netflow input. It should be:
Once data is coming in with the above:
Expand an event in the dashboard so that we can see all fields and provide a screenshot. (REPOST)
See the attached screenshots.
Code: Select all
udp {
type => 'nflow'
port => 2059
codec => netflow {
versions => [5,9]
}
}
Expand an event in the dashboard so that we can see all fields and provide a screenshot. (REPOST)
See the attached screenshots.
You do not have the required permissions to view the files attached to this post.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.