Logstash netflow codec description for Cisco ASA

netflow_asa.yaml

---
148:
- 4
- :conn_id
8:
- :ip4_addr
- :ipv4_src_addr
7:
- 2
- :src_port
10:
- 2
- :src_intf_id
12:
- :ip4_addr
- :ipv4_dst_addr
11:
- 2
- :dst_port
14:
- 2
- :dst_intf_id
4:
- 1
- :protocol
176:
- 1
- :icmp_type
177:
- 1
- :icmp_code
225:
- :ip4_addr
- :post_nat_ipv4_src_addr
226:
- :ip4_addr
- :post_nat_ipv4_dst_addr
227:
- 2
- :post_natt_src_port
228:
- 2
- :post_natt_dst_port
233:
- 1
- :fw_event
33002:
- 2
- :fw_ext_event
323:
- 8
- :nf_f_event_time_msec
152:
- 8
- :nf_f_flow_start_msec
33000:
- 12
- :nf_f_ingress_acl_id
33001:
- 12
- :nf_f_egress_acl_id
40000:
- 20
- :nf_f_aaa_username
178:
- 1
- :nf_f_icmp_type_ipv6
281:
- 16
- :nf_f_xlate_src_addr_ipv6
179:
- :skip
282:
- :skip
40001:
- :ip4_addr
- :nf_f_xlate_src_addr_ipv4
40002:
- :ip4_addr
- :nf_f_xlate_dst_addr_ipv4
40003:
- 2
- :nf_f_xlate_src_port
40004:
- 2
- :nf_f_xlate_dst_port
40005:
- 1
- :nf_f_fw_event
231:
- 4
- :initiatorOctets
232:
- 4
- :responderOctets

Hello msheiny,

if i use your yaml file i get this log messages:
{:timestamp=>"2015-04-10T15:04:42.443000+0200", :message=>"No matching template for flow id 256", :level=>:warn}
{:timestamp=>"2015-04-10T15:04:42.443000+0200", :message=>"No matching template for flow id 263", :level=>:warn}
{:timestamp=>"2015-04-10T15:04:47.471000+0200", :message=>"No matching template for flow id 263", :level=>:warn}
{:timestamp=>"2015-04-10T15:04:47.471000+0200", :message=>"No matching template for flow id 260", :level=>:warn}

Have you any ideas or a new yaml file with this flow ids 256,263,260 ?

Best Regards

Daniel