netflow to syslog to file or siem | Log collection solutions

#1 joshik 4 years ago

Hi All,

Is there a way to collect Netflow logs to a file and export them in Syslog format. Trying to get a working solution to collect logs from the sd-wan device(ipfix/netflow) and forward them to our SIEM which only accepts Syslog format. here is the conf file ..let me know what im doing wrong ? <Extension netflow> Module xm_netflow </Extension>

<Extension json> Module xm_json </Extension>

<Input netflowIn1> Module im_udp Host Port 2055 InputType netflow </Input>

<Output Out> Module om_file File "c:\temp\syslog.txt" Exec to_json(); </Output>

<Route nf> Path netflowIn1 => Out </Route>

Permalink

#2 Zhengshi Nxlog ✓ 4 years ago

#1 joshik

Hi All, Is there a way to collect Netflow logs to a file and export them in Syslog format. Trying to get a working solution to collect logs from the sd-wan device(ipfix/netflow) and forward them to our SIEM which only accepts Syslog format. here is the conf file ..let me know what im doing wrong ? <Extension netflow> Module xm_netflow </Extension> <Extension json> Module xm_json </Extension> <Input netflowIn1> Module im_udp Host Port 2055 InputType netflow </Input> <Output Out> Module om_file File "c:\temp\syslog.txt" Exec to_json(); </Output> <Route nf> Path netflowIn1 => Out </Route>

You should be able to add Syslog headers to your events using the xm_syslog module and the associated procedures. This is likely to be to_syslog_bsd(). See the following link for additional information.
https://nxlog.co/documentation/nxlog-user-guide/xm_syslog.html