Table of Contents
Share this post
NXLog User Guide
Table of Contents
- Introduction
- Deployment
- Configuration
- OS Support
- Integration
- Troubleshooting
- Enterprise Edition Reference Manual
- 146. Man Pages
- 147. Configuration
- 148. Language
- 149. Extension Modules
- 149.1. Remote Management (xm_admin)
- 149.2. AIX Auditing (xm_aixaudit)
- 149.3. Apple System Logs (xm_asl)
- 149.4. Basic Security Module Auditing (xm_bsm)
- 149.5. Common Event Format (xm_cef)
- 149.6. Character set conversion (xm_charconv)
- 149.7. Encryption (xm_crypto)
- 149.8. Delimiter-Separated Values (xm_csv)
- 149.9. External programs (xm_exec)
- 149.10. File lists (xm_filelist)
- 149.11. File operations (xm_fileop)
- 149.12. GELF (xm_gelf)
- 149.13. Go (xm_go)
- 149.14. Grok (xm_grok)
- 149.15. Java (xm_java)
- 149.16. JSON (xm_json)
- 149.17. Key-value pairs (xm_kvp)
- 149.18. LEEF (xm_leef)
- 149.19. Microsoft DNS Server (xm_msdns)
- 149.20. Multiline parser (xm_multiline)
- 149.21. NetFlow (xm_netflow)
- 149.22. Microsoft Network Policy Server (xm_nps)
- 149.23. Pattern matcher (xm_pattern)
- 149.24. Perl (xm_perl)
- 149.25. Python (xm_python)
- 149.26. Resolver (xm_resolver)
- 149.27. Rewrite (xm_rewrite)
- 149.28. Ruby (xm_ruby)
- 149.29. SNMP traps (xm_snmp)
- 149.30. Remote Management (xm_soapadmin)
- 149.31. Syslog (xm_syslog)
- 149.32. W3C (xm_w3c)
- 149.33. WTMP (xm_wtmp)
- 149.34. XML (xm_xml)
- 149.35. Compression (xm_zlib)
- 150. Input Modules
- 151. Processor Modules
- 152. Output Modules
- NXLog Manager
- NXLog Add-Ons
149.21. NetFlow (xm_netflow)
This module provides a parser for NetFlow payloads collected over UDP using im_udp. It supports the following NetFlow protocol versions: v1, v5, v7, v9, and IPFIX.
|
Note
|
To examine the supported platforms, see the list of installer packages in the Available Modules chapter. |
|
Note
|
This module only supports parsing NetFlow data received as UDP datagrams and does not support TCP or SCTP. |
|
Note
|
xm_netflow uses the IP address of the exporter device to distinguish between different devices so that templates with the same name would not conflict. |
The module exports an input parser which can be referenced in the UDP input instance with the InputType directive:
- InputType netflow
-
This input reader function parses the payload and extracts NetFlow specific fields.