Hi
I have configured a Cisco ASA device to send netflow logs to Graylog. When I click on show received messages I don’t see any messages, but I can see the packets are coming in.
Did you check if the time of the sending device and your Graylog is the same? Did you check your Graylog server log? Did you search for “all messages” to see if you see messages? Did you check if your messages might be in the future?
Yes, the first thing I checked was the time. What should I check in the Graylog logs? Searching all messages doesn’t show netflow messages.
Update. I have these errors in my server.log:
2018-11-12T13:55:55.127+02:00 ERROR [DecodingProcessor] Unable to decode raw message RawMessage{id=e9196a50-e671-11e8-a85e-9418826fc0ad, journalOffset=26300119396, codec=netflow, payloadSize=1618, timestamp=2018-11-12T11:55:55.125Z, remoteAddress=/IP_REMOVED:1641} on input <5bd2ab6ee94529121c0d9b9c>.
2018-11-12T13:55:55.127+02:00 ERROR [DecodingProcessor] Error processing message RawMessage{id=e9196a50-e671-11e8-a85e-9418826fc0ad, journalOffset=26300119396, codec=netflow, payloadSize=1618, timestamp=2018-11-12T11:55:55.125Z, remoteAddress=/IP_REMOVED:1641}
java.lang.NullPointerException: null
Any update to this from staff? Is this a bug or what?
Hey @anssik
Please let me clarify: this is the Graylog community and not an official support channel. The Graylog Team members answer in this community in their spare time.
Should you want to have an answer within a given time, consider buying Support and agreeing on some kind of SLA with us.
It looks like the netflow messages are nothing that the input can work with. It looks like Netflow 9, which new IOS versions use, might have some issues, if I follow this:
https://github.com/Graylog2/graylog-plugin-netflow/issues/30