Hint: This input has been available since Graylog version 3.2. Installation of an additional graylog-integrations-plugins package is required.

The IPFIX input allows Graylog to read IPFIX logs. The input supports all of the standard IANA fields by default.

IPFIX Field Definitions

Any additional vendor- or hardware-specific fields that are collected need to be defined in a JSON file. The file needs to provide the private enterprise number, as well as the definitions of the additional fields that are being collected. Structure the JSON file according to the example below.

Example of JSON File

In the IPFIX field definitions option, provide the file path of the JSON file that defines the additional collected fields.

{
  "enterprise_number": PRIVATE ENTERPRISE NUMBER,
  "information_elements": [
    {
      "element_id": ELEMENT ID NUMBER,
      "name": "NAME OF DEFINITION",
      "data_type": "ABSTRACT DATA TYPE"
    },
    ...
    ...
    ...
    {
      "element_id": ELEMENT ID NUMBER,
      "name": "NAME OF DEFINITION",
      "data_type": "ABSTRACT DATA TYPE"
    }
  ]
}
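
A pre-flight check for a definitions file with the structure shown above, as an added example that is not part of Graylog or its documentation. The function name, the constructed sample, the numeric ranges (taken from RFC 7011) and the data type list (the RFC 7012 abstract data types, compared case-insensitively) are assumptions, since the page does not state which spellings Graylog accepts.

```python
import json

# RFC 7012 abstract data types, lower-cased. Assumption: the page does not list
# the spellings Graylog accepts, so names are compared case-insensitively.
RFC7012_TYPES = set("""octetarray unsigned8 unsigned16 unsigned32 unsigned64
signed8 signed16 signed32 signed64 float32 float64 boolean macaddress string
datetimeseconds datetimemilliseconds datetimemicroseconds datetimenanoseconds
ipv4address ipv6address basiclist subtemplatelist subtemplatemultilist""".split())

def _is_int(value, low, high):  # bool subclasses int, so it is rejected explicitly
    return type(value) is int and low <= value <= high
def validate_definitions(text):
    """Return a list of problems found in an IPFIX field definitions file."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}): {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = []
    # RFC 7011: enterprise numbers are 32 bits wide, enterprise element IDs 15 bits.
    if not _is_int(doc.get("enterprise_number"), 1, 0xFFFFFFFF):
        problems.append("enterprise_number must be an integer in 1..4294967295")
    elements = doc.get("information_elements")
    if not isinstance(elements, list) or not elements:
        return problems + ["information_elements must be a non-empty array"]
    seen = set()
    for i, el in enumerate(elements):
        if not isinstance(el, dict):
            problems.append(f"element {i}: must be a JSON object")
            continue
        if not _is_int(el.get("element_id"), 1, 0x7FFF):
            problems.append(f"element {i}: element_id must be an integer in 1..32767")
        if not isinstance(el.get("name"), str) or not el["name"].strip():
            problems.append(f"element {i}: name must be a non-empty string")
        dtype = el.get("data_type")
        if not isinstance(dtype, str) or dtype.lower() not in RFC7012_TYPES:
            problems.append(f"element {i}: unknown data_type {dtype!r}")
        for key in ("element_id", "name"):
            marker = (key, json.dumps(el.get(key)))
            if key in el and marker in seen:
                problems.append(f"element {i}: duplicate {key} {el[key]!r}")
            seen.add(marker)
    return problems

# Constructed sample; 32473 is the enterprise number reserved for documentation (RFC 5612).
SAMPLE = """{"enterprise_number": 32473, "information_elements": [
  {"element_id": 1, "name": "exampleSessionId", "data_type": "unsigned32"},
  {"element_id": 2, "name": "exampleUserName", "data_type": "string"}]}"""
```

An empty list from validate_definitions means the file is structurally sound; it does not confirm that the element IDs match what the exporting device actually sends.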

IPFIX Data Types
