Contents x
IPFIX Input
  • 24 May 2022
  • 1 Minute to read
  • Print
  • Dark
    Light
Contents

IPFIX Input

  • Updated on 24 May 2022
  • 1 Minute to read
  • Print
  • Dark
    Light
Note

This input is available since Graylog version 3.2 Installation of an additional graylog-integrations-plugins package is required. See the Integrations Setup page for more info.

This input allows Graylog to read ipfix logs. By default the input supports all the standard IANA fields .

IPFIX Field Definitions

Any additional field that are being collected that are vendor/hardware specific need to be defined in a json file. This file needs to provide the private operations number , as well as the additional field definitions that are being collected. The example below is how the json file needs to be structured.

Example of JSON file

The filepath of the json file with the additional field being collected need to be provided in the IPFIX field definitions option when creating the input.

{
  "enterprise_number": PRIVATE ENTERPRISE NUMBER,
  "information_elements": [
    {
      "element_id": ELEMENT ID NUMBER,
      "name": "NAME OF DEFINITION",
      "data_type": "ABSTRACT DATA TYPE"
    },
    ...
    ...
    ...
  {
    "element_id": ELEMENT ID NUMBER,
    "name": "NAME OF DEFINITIONt",
    "data_type": "ABSTRACT DATA TYPE"
  }
  ]
}

IPFIX Data Types

ipfix

ipfix 1

Was this article helpful?
What's Next
Connect With Us
© 2021 Graylog, Inc. | All rights reserved