Netflow sent by Cisco ASA 9.6(1) doesn't contain IN_BYTES and IN_PACKETS #112
Comments
|
Hi, as that information is available in Cisco ASA 9.8 and was doubting 9.6 didn't have it, I just did a quick check in your pcap, and yes it is available. |
|
Closing this issue, as @rol-ubiqube pointed out the bytes field in the pcap. Thanks for taking a look btw! |
|
Was his issue resolved? I have the same problem running ASA 9.1. |
|
@acheraime either in ASA 9.1 documentation or ideally in pcap, you should check if the required fields are available (as per my previous comment - #112 (comment). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello!
Elasticsearch v6.0.0 + X-Pack
Logstash v6.0.0 + X-Pack
Kibana v6.0.0 + X-Pack
OS: Ubuntu 16.04.1 x86-64
The issue is that Cisco ASA 9.6(1) doesn't send IN_PACKETS and IN_BYTES fields - ASA Netflow spec. For bytes count it sends the following fields:
NF_F_FWD_FLOW_DELTA_BYTES - The delta number of bytes from source to destination.
NF_F_REV_FLOW_DELTA_BYTES - The delta number of bytes from destination to source.
and no data for packets count.
Any ideas how to update templates and dashboards?
Pcap is attached.
netflow-12055.zip
The text was updated successfully, but these errors were encountered: