132.21. NetFlow (xm_netflow)
This module provides a parser for NetFlow payloads collected over UDP using im_udp. It supports the following NetFlow protocol versions: v1, v5, v7, v9, and IPFIX.
Note: To examine the supported platforms, see the list of installer packages in the Available Modules chapter.
Note: This module only supports parsing NetFlow data received as UDP datagrams and does not support TCP.
Note: xm_netflow uses the IP address of the exporter device to distinguish between different devices, so that templates with the same name do not conflict.
The module exports an input parser which can be referenced in the UDP input instance with the InputType directive:
- InputType netflow: This input reader function parses the payload and extracts NetFlow-specific fields.
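Why templates have to be tracked per exporter, as an added Python sketch that is not NXLog's code: a NetFlow v9 data record carries only a template ID, so a collector must cache each template under the address of the device that sent it. The layout follows RFC 3954; keying on the source ID as well as the IP address, and the names `parse`, `learn`, `decode` and `sample`, are assumptions of this example.

```python
import struct
from ipaddress import IPv4Address

NAMES = {1: "IN_BYTES", 4: "PROTOCOL", 8: "IPV4_SRC_ADDR", 12: "IPV4_DST_ADDR"}  # RFC 3954 subset

def learn(cache, scope, body):
    pos = 0  # walk template records: ID, field count, then (type, length) pairs
    while pos + 4 <= len(body):
        tid, count = struct.unpack_from("!HH", body, pos)
        if tid < 256 or pos + 4 + 4 * count > len(body):
            break  # padding or truncated template record
        cache[scope + (tid,)] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(count)]
        pos += 4 + 4 * count

def decode(fields, body):
    size, out = sum(n for _, n in fields), []
    for base in range(0, len(body) - size + 1, size) if size else ():
        rec, pos = {}, base
        for ftype, n in fields:
            raw, pos = body[pos:pos + n], pos + n
            rec[NAMES.get(ftype, f"type_{ftype}")] = (
                str(IPv4Address(raw)) if ftype in (8, 12) and n == 4 else int.from_bytes(raw, "big"))
        out.append(rec)
    return out

def parse(cache, exporter_ip, datagram):
    """Decode one UDP payload; data sets with no cached template are skipped."""
    if len(datagram) < 20 or struct.unpack_from("!H", datagram)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    scope = (exporter_ip, struct.unpack_from("!I", datagram, 16)[0])  # exporter + source ID
    records, off = [], 20
    while off + 4 <= len(datagram):
        set_id, set_len = struct.unpack_from("!HH", datagram, off)
        if set_len < 4 or off + set_len > len(datagram):
            raise ValueError("bad FlowSet length")  # exporter-supplied, untrusted
        body = datagram[off + 4:off + set_len]
        if set_id == 0:
            learn(cache, scope, body)
        elif set_id > 255 and scope + (set_id,) in cache:
            records += decode(cache[scope + (set_id,)], body)
        off += set_len
    return records

def sample(fields, values):
    """Constructed datagram: template FlowSet (ID 256) followed by one data record."""
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    data = b"".join(v.to_bytes(n, "big") for v, (_, n) in zip(values, fields))
    data += b"\0" * (-len(data) % 4)  # FlowSets are padded to 4 bytes
    sets = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(data)) + data
    return struct.pack("!HHIIII", 9, 2, 0, 0, 0, 0) + sets
```

Passing one exporter's data-only datagram to `parse` under another exporter's address decodes it with the wrong field layout, which is the conflict a per-exporter cache prevents.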
132.21.1. Configuration
The xm_netflow module accepts only the common module directives.
132.21.2. Fields
The fields generated by xm_netflow are provided separately. Please refer to the documentation available online or in the NXLog package.
132.21.3. Examples
Example 677. Parsing UDP NetFlow Data
The following configuration receives NetFlow data over UDP and converts the parsed data into JSON.
<Extension netflow>
    Module      xm_netflow
</Extension>

<Extension json>
    Module      xm_json
</Extension>

<Input udpin>
    Module      im_udp
    ListenAddr  0.0.0.0:2162
    InputType   netflow
</Input>

<Output out>
    Module      om_file
    File        "netflow.log"
    Exec        to_json();
</Output>

<Route nf>
    Path        udpin => out
</Route>