I have had no issues using the netflow input with Cisco Switches, but am having hard time getting it to work with a router using what Cisco calls High-Speed Logging. Basically syslog messages in Netflow format. The counters on the input show messages being received, but nothing displays. If I change the input to raw text udp, I get messages, but of course they are not readable. Initially when I started the error I got this in the log:
2020-04-14T08:20:42.651-07:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input NetFlowUdpInput{title=ISR_Router_HSL,type=org.graylog.plugins.netflow.inputs.NetFlowUdpInput, nodeId=822c2940-6e0a-48b5-9644-b1b3c1f9f5d4} (channel [id: 0x57237a3e, L:/0:0:0:0:0:0:0:0%0:1517]) should be 262144 but is 425984.
I changed the buffer on the input to 262144 as suggested. Error went away, but still no display. Running Centos 8 with GrayLog 3.2.4. Also tried this command in CentOS as per another post suggest: “sysctl -w net.core.rmem_max=262144”. Any ideas on how to troubleshoot this?