Good morning!
I’m using nProbe to gather and send Netflow v9 flow captures to Graylog’s netflow input.
One of the fields I’ve enabled is the L7 protocol name, which is a 16-character string.
However, the Netflow input appears to be converting the string to a hex representation rather than showing the string. And as far as I can see from searching, there isn’t any sort of converter to change the hex sequence back to the original string?
Any thoughts on how I could either convert it to a string, or stop it from being stored as a hex sequence in the first place?
As an example (these aren’t from the same packet so the string isn’t the same). Wireshark decodes the netflow packet to include:
Field (15/15): L7_PROTO_NAME
Type: L7_PROTO_NAME (57591)
Length: 16
Layer 7 protocol name: SSL_No_Cert.Sky
… and the netflow input parses and stores it:
nf_field_57591
556e:6b6e:6f77:6e00:0:0:0:0