[netsa-tools-discuss] Silk netflow-v9: lack of flags and template warnings

Ulrik Haugen ulrik.haugen at liu.se
Thu Nov 30 08:22:02 EST 2023


Hello!

We are testing Silk with Netflow v9 records from our Fortigate firewalls
to see if we can replace Ipfix from our Juniper routers as the
replacements we will get for the latter will not be able to provide
unsampled flow records.

Configuring a probe and sensor for Netflow v9 and pointing Fortigate to
it looks promising in what turns up in answers to rwfilter for the new
sensor except for two things after a short test:


* all flows from the new sensor have an empty flags field

Do you happen to know if this is expected for flows from Fortigate? (We will
ask Fortigate too.)


* rwflowpack logs a lot of warnings about the templates

"Template warning: Illegal length 2 for information element
messageScope"

Would anyone care to elaborate about the warnings and how serious they
are?


Our Netflow v9 stream is produced by a firewall running Fortigate
Fortios 7.2.6.

Best regards
Ulrik Haugen

