hatant39 / netflow_nsel_reorder.yaml
Created March 4, 2014 21:18
Logstash Netflow Codec definition for Netflow v9 nsel for Cisco ASA 5500 series.
---
148:
- 4
- :nf_f_conn_id
8:
- 4
- :nf_f_src_addr_ipv4
7:
- 2
- :nf_f_src_port
hatant39 / netflow_nsel_reordered_results.txt
Created March 4, 2014 21:32
Results from netflow_nsel_reorder.yaml and logstash-1.4.0.beta1
{
"_index" : "logstash_misc-2014.03",
"_type" : "netflow",
"_id" : "1EBp6WItToiChtUow83xNw",
"_score" : 1.0, "_source" : {"@timestamp":"2014-03-04T20:37:49.000Z","netflow":{"version":"9","flow_seq_num":"16323330","flowset_id":"256","nf_f_conn_id":"2881023953","nf_f_src_addr_ipv4":"1041806564","nf_f_src_port":"50284","nf_f_src_intf_id":"5","nf_f_dst_addr_ipv4":"3488767352","nf_f_dst_port":"53","nf_f_dst_intf_id":"8","nf_f_protocol":"17","nf_f_icmp_type":"0","nf_f_icmp_code":"0","nf_f_xlate_src_addr_ipv4":"1041806564","nf_f_xlate_dst_addr_ipv4":"3232282420","nf_f_xlate_src_port":"50284","nf_f_xlate_dst_port":"53","nf_f_fw_event":"1","nf_f_fw_ext_event":"0","nf_f_event_time_msec":"1393965454204","nf_f_flow_bytes":"145","nf_f_ingress_acl_id":"74146676141431344274432065536","nf_f_egress_acl_id":"0","nf_f_username":"0"},"@version":"1","type":"netflow","host":"172.20.140.10"}
}, {
"_index" : "logstash_misc-2014.03",
"_type" : "netflow",
"_id" : "bIHefq1TQM2qg7DImLoszw",

Keybase proof

I hereby claim:

  • I am hatant39 on github.
  • I am anthony_hatch (https://keybase.io/anthony_hatch) on keybase.
  • I have a public key whose fingerprint is 299D 6AC1 AEF1 42BF E487 23E5 B8C6 5C81 7705 4EFA

To claim this, I am signing this object: