Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to ignore/automatically map unknown IPFIX fields #208

Open
edmocosta opened this issue Jan 31, 2024 · 0 comments
Open

Add option to ignore/automatically map unknown IPFIX fields #208

edmocosta opened this issue Jan 31, 2024 · 0 comments
Labels
enhancement

Comments

@edmocosta
Copy link

This codec currently requires all received enterprise/flow set ID to be mapped in the ipfix.yaml file. When it receives an unknown flow set ID, it fails to decode the whole event, even if that flow set ID definition is present on the exchanged template.

Citrix ADC, for example, have several custom flow set IDs (>200), which makes the mapping process complicated. The documentation of those IDs is normally incomplete, nonexistent, and hard to find.

Considering the plugins already process the template and has access to their field length, it would be nice, if possible, to add an option to "allow unknown fields", so users wouldn't need to map all of them, even if they are not interested in such data.

The unknown field name could be mapped using a similar ipfix.yaml pattern:

<PEN>Unknown<flow set id>

Example:

netscalerUnknown285
netscalerUnknown285
5992Unknown285 // use id as fallback when PEN name is unknown
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@edmocosta