MikroTik

Posted: **Wed Sep 22, 2021 2:35 pm**

Hi all,

I set up some monitoring on elasticsearch for my traffic flow as ipfix an v9 netflows.
Works fine so far but though I did check to transfer the interfaces I cannot find them in the messages. I'd guess I'd need to write an own schema for the decoding? but at what code are the interfaces? or is it at "standard" codes but different format?

the marks "in interface" & "out interface" are ticked in the selection.
Wireshard does see outputint & inputin when set to cflow, thus looks bit like finding the correct mapping?!

actually when writing the output as debug out with logstash there's no value looking like interface

Best Daniel

Posted: **Wed Sep 22, 2021 4:30 pm**

ok looks like I was looking on the data the wrong way. seems the interface indexes are stored to ipfix.input_snmp / ipfix.output_snmp.

So I'm now wondering is there a chance for finding the mapping of interface index to interface name?

Posted: **Tue Apr 12, 2022 10:27 am**

have you manged to map the index to the interface name?

Posted: **Tue Apr 12, 2022 10:29 am**

have you manged to map the index to the interface name?

The user left the forum in 2021 after writing only these two posts.
And you, after your last post on 2018, reply to that?

Posted: **Tue Apr 19, 2022 9:25 am**

well i didn't check the history as you did. and there was already a post and didn't want to open a new post related with same topic which i was looking for.

MikroTik

ipfix template // howto decode interface?

ipfix template // howto decode interface?

Re: ipfix template // howto decode interface?

Re: ipfix template // howto decode interface?

Re: ipfix template // howto decode interface?

Re: ipfix template // howto decode interface?