Error parsing NetFlow packet

Niloufar · August 12, 2018, 4:35am

Hi everyone!
I searched a lot and there isn’t any clear response about Netflow plugin. Actually the version of graylog is latest and I try to get network logs even I set an input and a UDP section in rsyslog but when i run it Network IO is not empty but there is no message. When I try get logs of gray log deal with this error

ERROR [NetFlowCodec] Error parsing NetFlow packet <2d277682-9de6-11e8-8cbf-02002e8fd23f> received from <127.0.0.1:39234>
org.graylog.plugins.netflow.flows.InvalidFlowVersionException: Invalid NetFlow version 15411
By search I understood that there is two version for net flow and If I get ride of error I should change plugin jar version to 9 but I have some java file and packing them to jar doesn’t effect anything!

Niloufar · August 14, 2018, 10:00am

I solved that issue just by setting correctly Mikrotik or Winbox as described in http://www.devblogrbmz.com/setup-netflow-monitoring-with-mikrotik-graylog-in-elasticsearch/
Thanks me

system · August 28, 2018, 10:00am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to parse Netflow data Graylog Central (peer support)	3	1467	January 1, 2019
NetFlow v9 not working (Palo Alto) Graylog Add-ons	12	3026	November 7, 2017
NetFlow Configuration Graylog Central (peer support)	4	7388	February 6, 2019
Indexer failures with netflow Graylog Central (peer support)	9	1253	February 20, 2018
Graylog 2.4.6+ceaa7e4 and Cisco ASA Netflow Graylog Central (peer support)	6	1255	December 7, 2018

Error parsing NetFlow packet

Related topics