From /etc/logstash/conf.d/central.conf:
input {
  # (the start of this first input block did not survive in the post)
  type => "ipfix" }
  tcp {
    port => 4739
    codec => netflow {
      versions => [10]
      target => ipfix
    }
    type => "ipfix"
  }
} # end of input

output {
  if [type] == "ipfix" {
    elasticsearch {
      index => "ipfix_logs-%{+YYYY.MM.dd}"
      hosts => ["localhost:9200"]
    }
  } else {
    elasticsearch {
      index => "sophos_utm-%{+YYYY.MM.dd}"
      hosts => ["localhost:9200"]
    }
  }
} # end of output
Unfortunately, I am getting warnings in my logstash log files:
[WARN ][logstash.codecs.netflow ] No matching template for flow id 258
[WARN ][logstash.codecs.netflow ] No matching template for flow id 256
[WARN ][logstash.codecs.netflow ] No matching template for flow id 258
[WARN ][logstash.codecs.netflow ] No matching template for flow id 256
[WARN ][logstash.codecs.netflow ] No matching template for flow id 258
This tells me I do not have a yaml template that is compatible with the information my UTM is sending out. I have done some web searches, but unfortunately have not found a template yet (which seems odd; I can't be the only one who wants to do this).
Can anyone provide some guidance here before I possibly go ahead and try to recreate the wheel?
Thanks
-Karl
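For readers hitting the same warning: in the netflow codec, "No matching template for flow id N" means a data set with set id N (256/258 here) arrived while the codec had no IPFIX template record (set id 2) for that id in its cache, which is separate from the per-field yaml definitions. One common cause is Logstash starting, or the cache being cleared, between the exporter's periodic template refreshes. The minimal RFC 7011 decoder below is an added example, not the Logstash codec and not code from the post; it reproduces that behaviour on constructed messages (template 256 with three fixed-length fields, element ids 8, 12 and 1 chosen as sample values), scopes templates per observation domain like the codec does, and skips set padding. Enterprise-specific and variable-length elements are not handled.

```python
import struct
def ipfix_message(sets, domain=1):
    # 16-byte IPFIX header (RFC 7011): version 10, length, export time, sequence, observation domain
    body = b"".join(sets)
    return struct.pack("!HHIII", 10, 16 + len(body), 0, 0, domain) + body
def template_set(tid, fields):
    # set id 2 holds template records: template id, field count, then (element id, length) pairs
    rec = struct.pack("!HH", tid, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    return struct.pack("!HH", 2, 4 + len(rec)) + rec
def data_set(tid, payload):
    # a data set's set id is the template id (>= 256) that describes its records
    return struct.pack("!HH", tid, 4 + len(payload)) + payload
def decode_records(fields, body):
    # fixed-length records only; leftover bytes shorter than one record are set padding
    rec_len, out = sum(ln for _, ln in fields), []
    for off in range(0, len(body) - rec_len + 1, rec_len):
        rec, pos = {}, off
        for ie, ln in fields:
            rec[ie], pos = int.from_bytes(body[pos:pos + ln], "big"), pos + ln
        out.append(rec)
    return out

class IpfixDecoder:
    def __init__(self):
        self.templates = {}  # (observation domain, template id) -> [(element id, length), ...]
        self.warnings = []   # mirrors what the Logstash codec logs at WARN level
    def feed(self, msg):
        version, length, _export, _seq, domain = struct.unpack("!HHIII", msg[:16])
        if version != 10:
            raise ValueError("not an IPFIX message")
        records, off = [], 16
        while off + 4 <= length:
            set_id, set_len = struct.unpack("!HH", msg[off:off + 4])
            body = msg[off + 4:off + set_len]
            if set_id == 2:
                self._learn_templates(domain, body)
            elif set_id >= 256:
                fields = self.templates.get((domain, set_id))
                if fields is None:  # data arrived before its template: the codec's warning
                    self.warnings.append("No matching template for flow id %d" % set_id)
                else:
                    records.extend(decode_records(fields, body))
            off += set_len
        return records
    def _learn_templates(self, domain, body):
        off = 0
        while off + 4 <= len(body):
            tid, count = struct.unpack("!HH", body[off:off + 4])
            pairs = struct.unpack("!%dH" % (2 * count), body[off + 4:off + 4 + 4 * count])
            self.templates[(domain, tid)] = list(zip(pairs[::2], pairs[1::2]))
            off += 4 + 4 * count
```

Feeding a data set before its template yields no records and the warning; once the template set has been seen, the same data set decodes, and the same template id from a different observation domain is still unknown.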