108.18. NetFlow (xm_netflow)
This module provides a parser for NetFlow payload collected over UDP using im_udp. It supports the following NetFlow protocol versions: v1, v5, v7, v9, and IPFIX.
Note: This module only supports parsing NetFlow data received as UDP datagrams and does not support TCP.
Note: xm_netflow uses the IP address of the exporter device to distinguish between different devices so that templates with the same name would not conflict.
The module exports an input parser which can be referenced in the UDP input instance with the InputType directive:
- InputType netflow: This input reader function parses the payload and extracts NetFlow-specific fields.
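The note above about telling exporters apart by IP address matters because NetFlow v9 data records can only be decoded with a template the exporter sent earlier. The following Python sketch is an added illustration, not NXLog code and not how xm_netflow is implemented: it assumes the RFC 3954 v9 layout, treats the template ID as the conflicting identifier, also scopes templates by the v9 source ID (an RFC 3954 detail the page does not mention), and uses hypothetical function names with constructed datagrams.

```python
import struct

def decode_v9(cache, exporter_ip, datagram):
    """Decode one NetFlow v9 datagram using templates scoped to its exporter."""
    if len(datagram) < 20 or datagram[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow v9 datagram")
    source_id = struct.unpack_from("!I", datagram, 16)[0]
    records, off = [], 20
    while off + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, off)
        if fs_len < 4 or off + fs_len > len(datagram):
            raise ValueError("bad flowset length")  # lengths arrive over untrusted UDP
        body = datagram[off + 4:off + fs_len]
        if fs_id == 0:      # template flowset
            learn_templates(cache, (exporter_ip, source_id), body)
        elif fs_id >= 256:  # data flowset; its ID names the template to apply
            records += decode_data(cache.get((exporter_ip, source_id, fs_id)), body)
        off += fs_len
    return records

def learn_templates(cache, scope, body):
    pos = 0
    while pos + 4 <= len(body):
        tid, nfields = struct.unpack_from("!HH", body, pos)
        end = pos + 4 + 4 * nfields
        if tid < 256 or end > len(body):
            break  # padding or truncated template
        cache[scope + (tid,)] = [struct.unpack_from("!HH", body, p) for p in range(pos + 4, end, 4)]
        pos = end

def decode_data(fields, body):
    out, size = [], sum(length for _, length in fields or [])
    if size == 0:
        return out  # no template from this exporter yet: skip rather than guess
    for start in range(0, len(body) - size + 1, size):
        rec, pos = {}, start
        for ftype, length in fields:  # RFC 3954 types: 1 = IN_BYTES, 2 = IN_PKTS
            rec[ftype] = int.from_bytes(body[pos:pos + length], "big")
            pos += length
        out.append(rec)
    return out

def demo():  # constructed datagrams; 192.0.2.0/24 is a documentation range
    hdr = struct.pack("!HHIIII", 9, 2, 0, 0, 0, 1)  # version 9, source ID 1
    tmpl = lambda a, b: struct.pack("!8H", 0, 16, 256, 2, a, 4, b, 4)  # template 256
    data = struct.pack("!HHII", 256, 12, 1500, 3)  # identical bytes from every exporter
    cache = {}
    return [decode_v9(cache, ip, hdr + flowsets) for ip, flowsets in (
        ("192.0.2.1", tmpl(1, 2) + data), ("192.0.2.2", tmpl(2, 1) + data), ("192.0.2.3", data))]
```

The first two exporters reuse template ID 256 with the field order swapped, so the same data bytes decode to different records; with a cache keyed on template ID alone, the second template would overwrite the first and later records from the first exporter would be misread.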
108.18.1. Configuration
The xm_netflow module accepts only the common module directives.
108.18.2. Fields
The fields generated by xm_netflow are provided separately. Please refer to the documentation available online or in the NXLog package.
108.18.3. Examples
Example 513. Parsing UDP NetFlow Data
The following configuration receives NetFlow data over UDP on port 2162, listening on all local interfaces (Host 0.0.0.0), and writes the parsed records to a file as JSON.
<Extension netflow>
    Module      xm_netflow
</Extension>

<Extension json>
    Module      xm_json
</Extension>

<Input udpin>
    Module      im_udp
    Host        0.0.0.0
    Port        2162
    InputType   netflow
</Input>

<Output out>
    Module      om_file
    File        "netflow.log"
    Exec        to_json();
</Output>

<Route nf>
    Path        udpin => out
</Route>