Contents x
IPFIX Input
  • 09 Aug 2022
  • 1 Minute to read
  • Print
  • Dark
    Light
Contents

IPFIX Input

  • Updated on 09 Aug 2022
  • 1 Minute to read
  • Print
  • Dark
    Light
Note

This input is available since Graylog version 3.2 Installation of an additional graylog-integrations-plugins package is required. See the Integrations Setup page for more info.

IPFIX input allows Graylog to read IPFIX logs. The input supports all of the standard IANA fields by default.

IPFIX Field Definitions

Any additional vendor/hardware-specific fields that are collected need to be defined in a JSON file. The file needs to provide the private operations number, as well as the additional field definitions that are being collected. Structure the JSON file according to the example below.

Example of JSON file

Provide the filepath of the JSON file with additional collected fields in the IPFIX field definitions option.

{
  "enterprise_number": PRIVATE ENTERPRISE NUMBER,
  "information_elements": [
    {
      "element_id": ELEMENT ID NUMBER,
      "name": "NAME OF DEFINITION",
      "data_type": "ABSTRACT DATA TYPE"
    },
    ...
    ...
    ...
  {
    "element_id": ELEMENT ID NUMBER,
    "name": "NAME OF DEFINITIONt",
    "data_type": "ABSTRACT DATA TYPE"
  }
  ]
}

IPFIX Data Types

ipfix

ipfix 1

Was this article helpful?
What's Next
Connect With Us
© 2021 Graylog, Inc. | All rights reserved