docs/index.asciidoc in logstash-codec-netflow-3.5.0 vs docs/index.asciidoc in logstash-codec-netflow-3.5.1
- old
+ new
@@ -10,11 +10,11 @@
:include_path: ../../../../logstash/docs/include
///////////////////////////////////////////
END - GENERATED VARIABLES, DO NOT EDIT!
///////////////////////////////////////////
-[id="plugins-{type}-{plugin}"]
+[id="plugins-{type}s-{plugin}"]
=== Netflow codec plugin
include::{include_path}/plugin_header.asciidoc[]
@@ -22,61 +22,51 @@
The "netflow" codec is used for decoding Netflow v5/v9/v10 (IPFIX) flows.
==== Supported Netflow/IPFIX exporters
+This codec supports:
+
+* Netflow v5
+* Netflow v9
+* IPFIX
+
The following Netflow/IPFIX exporters are known to work with the most recent version of the netflow codec:
[cols="6,^2,^2,^2,12",options="header"]
|===========================================================================================
-|Netflow exporter | v5 | v9 | IPFIX | Remarks
-|Softflowd | y | y | y | IPFIX supported in https://github.com/djmdjm/softflowd
-|nProbe | y | y | y |
-|ipt_NETFLOW | y | y | y |
-|Cisco ASA | | y | |
-|Cisco IOS 12.x | | y | |
-|fprobe | y | | |
-|Juniper MX80 | y | | | SW > 12.3R8
-|OpenBSD pflow | y | n | y | http://man.openbsd.org/OpenBSD-current/man4/pflow.4
-|Mikrotik 6.35.4 | y | | n | http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow
-|Ubiquiti Edgerouter X | | y | | With MPLS labels
-|Citrix Netscaler | | | y | Still some unknown fields, labeled netscalerUnknown<id>
+|Netflow exporter | v5 | v9 | IPFIX | Remarks
+|Barracuda Firewall | | | y |
+|Cisco ASA | | y | |
+|Cisco ASR | | y | |
+|Cisco IOS 12.x | | y | |
+|Cisco WLC | | y | |
+|Citrix Netscaler | | | y | Still some unknown fields, labeled netscalerUnknown<id>
+|fprobe | y | | |
+|Fortigate FortiOS 5.2 | | y | |
+|ipt_NETFLOW | y | y | y |
+|Juniper MX80 | y | | | SW > 12.3R8
+|Mikrotik 6.35.4 | y | | n | http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow
+|nProbe | y | y | y |
+|OpenBSD pflow | y | n | y | http://man.openbsd.org/OpenBSD-current/man4/pflow.4
+|Softflowd | y | y | y | IPFIX supported in https://github.com/djmdjm/softflowd
+|Streamcore Streamgroomer | | y | |
+|Ubiquiti Edgerouter X | | y | | With MPLS labels
+|VMware VDS | | | y | Still some unknown fields
|===========================================================================================
==== Usage
-Example Logstash configuration:
+Example Logstash configuration that will listen on 2055/udp for Netflow v5,v9 and IPFIX:
[source, ruby]
--------------------------
input {
udp {
- host => localhost
port => 2055
- codec => netflow {
- versions => [5, 9]
- }
- type => netflow
+ codec => netflow
}
- udp {
- host => localhost
- port => 4739
- codec => netflow {
- versions => [10]
- target => ipfix
- }
- type => ipfix
- }
- tcp {
- host => localhost
- port => 4739
- codec => netflow {
- versions => [10]
- target => ipfix
- }
- type => ipfix
- }
}
--------------------------
[id="plugins-{type}s-{plugin}-options"]
==== Netflow Codec Configuration Options
@@ -99,13 +89,18 @@
===== `cache_save_path`
* Value type is <<path,path>>
* There is no default value for this setting.
-Where to save the template cache
-This helps speed up processing when restarting logstash
-(So you don't have to await the arrival of templates)
-cache will save as path/netflow_templates.cache and/or path/ipfix_templates.cache
+Enables the template cache and saves it in the specified directory. This
+minimizes data loss after Logstash restarts because the codec doesn't have to
+wait for the arrival of templates, but instead reload already received
+templates received during previous runs.
+
+Template caches are saved as:
+
+* <<path,path>>/netflow_templates.cache for Netflow v9 templates.
+* <<path,path>>/ipfix_templates.cache for IPFIX templates.
[id="plugins-{type}s-{plugin}-cache_ttl"]
===== `cache_ttl`
* Value type is <<number,number>>