Deprecation Note

We published the last version of Graylog Documentation before the release of Graylog 4.2. Now, all documentation and help content for Graylog products are available at https://docs.graylog.org/.

There will be no further updates to these pages as of October 2021.

Do you have questions about our documentation? You may place comments or start discussions about documentation here: https://community.graylog.org/c/documentation-campfire/30

IPFIX Input

Note

This input is available since Graylog version 3.2. Installation of an additional graylog-integrations-plugins package is required. See the Integrations Setup page for more info.

This input allows Graylog to read IPFIX logs. By default, the input supports all the standard IANA fields.

IPFIX Field Definitions

Any additional fields being collected that are vendor- or hardware-specific need to be defined in a JSON file. This file needs to provide the private enterprise number as well as the definitions of the additional fields being collected. The example below shows how the JSON file needs to be structured.

Example of JSON file

The file path of the JSON file with the additional fields being collected needs to be provided in the IPFIX field definitions option when creating the input.

{
  "enterprise_number": PRIVATE ENTERPRISE NUMBER,
  "information_elements": [
    {
      "element_id": ELEMENT ID NUMBER,
      "name": "NAME OF DEFINITION",
      "data_type": "ABSTRACT DATA TYPE"
    },
    ...
    ...
    ...
    {
      "element_id": ELEMENT ID NUMBER,
      "name": "NAME OF DEFINITION",
      "data_type": "ABSTRACT DATA TYPE"
    }
  ]
}

IPFIX Data Types

[Image: IPFIX data types (ipfix_data_types.png)]

[Image: ipfix.png]