@hatant39
Created March 4, 2014 21:18
Logstash Netflow Codec definition for Netflow v9 nsel for Cisco ASA 5500 series.
---
148:
- 4
- :nf_f_conn_id
8:
- 4
- :nf_f_src_addr_ipv4
7:
- 2
- :nf_f_src_port
10:
- 1
- :nf_f_src_intf_id
12:
- 4
- :nf_f_dst_addr_ipv4
11:
- 2
- :nf_f_dst_port
14:
- 2
- :nf_f_dst_intf_id
4:
- 1
- :nf_f_protocol
176:
- 1
- :nf_f_icmp_type
177:
- 1
- :nf_f_icmp_code
40001:
- 4
- :nf_f_xlate_src_addr_ipv4
40002:
- 4
- :nf_f_xlate_dst_addr_ipv4
40003:
- 2
- :nf_f_xlate_src_port
40004:
- 2
- :nf_f_xlate_dst_port
40005:
- 1
- :nf_f_fw_event
33002:
- 2
- :nf_f_fw_ext_event
323:
- 8
- :nf_f_event_time_msec
85:
- 4
- :nf_f_flow_bytes
33000:
- 12
- :nf_f_ingress_acl_id
33001:
- 12
- :nf_f_egress_acl_id
40000:
- 20
- :nf_f_username
@NeonMonk

NeonMonk commented Dec 3, 2015

I still get "No matching template" errors when using this definition file with my Cisco ASA.

{:timestamp=>"2015-12-03T10:37:13.061000+0800", :message=>"No matching template for flow id 256", :level=>:warn}
{:timestamp=>"2015-12-03T10:37:13.817000+0800", :message=>"No matching template for flow id 256", :level=>:warn}
{:timestamp=>"2015-12-03T10:37:14.811000+0800", :message=>"No matching template for flow id 263", :level=>:warn}
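
In NetFlow v9 the ID of a data flowset (256 or higher) names the template that describes its records, so a decoder can only apply the field definitions above once it has cached that template. The Ruby below is an added example, not code from the gist or from the Logstash codec; `decode_record`, `decode_flowsets` and the sample flowsets are constructed for illustration, and only three entries of the definition are used.

```ruby
require 'yaml'
# Three entries copied from the definition above: field type => [length, name].
FIELDS = YAML.safe_load(<<~YML, permitted_classes: [Symbol])
  8:
  - 4
  - :nf_f_src_addr_ipv4
  7:
  - 2
  - :nf_f_src_port
  40005:
  - 1
  - :nf_f_fw_event
YML

# Hypothetical helper: turn one data record into a hash of named fields.
def decode_record(tmpl, raw)
  tmpl.each_with_object({}) do |(type, len), ev|
    bytes, raw = raw.byteslice(0, len), raw.byteslice(len, raw.bytesize)
    # Length comes from the template, the name from the definition; unknown types are skipped.
    next unless (name = FIELDS.dig(type, 1))
    ev[name] = name.to_s.end_with?('addr_ipv4') ? bytes.unpack('C4').join('.') : bytes.unpack1('H*').to_i(16)
  end
end

# Hypothetical decoder for one v9 packet's flowsets (20-byte header removed); cache: template id => [[type, length], ...].
def decode_flowsets(flowsets, cache)
  events = []
  while flowsets.bytesize >= 4
    id, len = flowsets.unpack('nn')
    break if len < 4 # malformed length: stop rather than loop forever
    body = flowsets.byteslice(4, len - 4)
    flowsets = flowsets.byteslice(len, flowsets.bytesize) || ''
    if id.zero? # template flowset: cache every template record it carries
      while body.bytesize >= 4
        tid, count = body.unpack('nn')
        cache[tid] = body.byteslice(4, count * 4).unpack('n*').each_slice(2).to_a
        body = body.byteslice(4 + count * 4, body.bytesize) || ''
      end
    elsif id >= 256 && !cache.key?(id) # data flowset seen before its template
      events << { warning: "No matching template for flow id #{id}" }
    elsif id >= 256 # data flowset: the flowset id is the template id
      size = cache[id].sum { |_, l| l }
      (body.bytesize / size).times { |i| events << decode_record(cache[id], body.byteslice(i * size, size)) } if size.positive?
    end
  end
  events
end

# Constructed sample flowsets (not captured traffic).
TEMPLATE = [0, 20, 256, 3, 8, 4, 7, 2, 40005, 1].pack('n*')
DATA = [256, 12].pack('nn') + [10, 0, 0, 5, 1, 187, 2, 0].pack('C*') # 10.0.0.5, port 443, event 2, pad
```

Calling `decode_flowsets(DATA, cache)` with an empty cache yields only the warning; after `TEMPLATE` has been processed with the same cache, the same bytes decode into named fields.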