Ingested Flow Examples
This section provides example flow configurations for the supported parsers and connectors.
IPFIX
The example below shows a destination that listens for IPFIX on UDP port 4739 and accepts flows only from the IPFIX exporter whose IP address is 192.168.11.5. Flows from other IPFIX exporters are discarded.
destinations:
  - name: ipfix
    parser:
      type: ipfix
    connectors:
      - type: udp
        properties:
          ports: '4739'
          remote_addrs: '192.168.11.5'

NetFlow
The example below uses NetFlow: Flowlink parses NetFlow records received on UDP port 6500 and accepts data from any source IP address.
destinations:
  - name: netflow
    parser:
      type: netflow
    connectors:
      - type: udp
        properties:
          ports: '6500'

AWS
The example below shows an AWS destination whose CloudWatch Log Group name is myVPCFlowLogs and which is configured in the AWS Oregon region (us-west-2).
destinations:
  - name: aws
    parser:
      type: aws
    connectors:
      - type: aws
        properties:
          region: us-west-2
          credentials: $cat /home/employee/aws_info
          log_groupname: myVPCFlowLogs

Text
The example below shows a text destination that uses Syslog and listens on UDP port 6514. The syslog format uses the sip attribute to extract the source IP of the flow.
destinations:
  - name: syslog
    parser:
      type: text
      properties:
        src_ip: sip
        dst_ip: dip
        dst_port: dport
        protocol: prot
        timestamp: "date_time, 1"
        timestamp_format: "mmm dd yyyy HH:MM:SS"
    connectors:
      - type: udp
        properties:
          ports: "6514"

YAML
pce_addr: 2x2mypce.example.com:8443
api_key: $cat api_info
data_directory: /home/employee/
aggregation_minutes: 5
destinations:
  - name: netflow
    parser:
      type: netflow
    connectors:
      - type: udp
        properties:
          ports: '6500'
  - name: ipfix
    parser:
      type: ipfix
    connectors:
      - type: udp
        properties:
          ports: '6514'
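
The IPFIX and NetFlow examples above differ in whether remote_addrs restricts which exporter a UDP listener accepts. The Python check below is an added example, not part of the Flowlink documentation: it lists UDP destinations in an already-parsed configuration that accept flows from any source. The function name, the sample dictionary, and the treatment of remote_addrs as a comma-separated list of single IP addresses are assumptions.

```python
import ipaddress

# Constructed sample: the page's NetFlow and IPFIX destinations as a parsed
# mapping (what a YAML loader would return for the configuration file).
SAMPLE_CONFIG = {
    "pce_addr": "2x2mypce.example.com:8443",
    "destinations": [
        {"name": "netflow", "parser": {"type": "netflow"},
         "connectors": [{"type": "udp", "properties": {"ports": "6500"}}]},
        {"name": "ipfix", "parser": {"type": "ipfix"},
         "connectors": [{"type": "udp",
                         "properties": {"ports": "4739",
                                        "remote_addrs": "192.168.11.5"}}]},
    ],
}


def audit_udp_sources(config):
    """Return (destination, ports, finding) for each weak UDP listener."""
    findings = []
    for dest in config.get("destinations") or []:
        name = dest.get("name")
        for conn in dest.get("connectors") or []:
            if conn.get("type") != "udp":
                continue  # only UDP listeners take remote_addrs on this page
            props = conn.get("properties") or {}
            ports = str(props.get("ports", ""))
            raw = str(props.get("remote_addrs", "")).strip()
            if not raw:
                # No allowlist: any host that can reach the port can send flows.
                findings.append((name, ports, "accepts flows from any source"))
                continue
            # Assumption: entries are comma-separated single IP addresses.
            for entry in (e.strip() for e in raw.split(",")):
                try:
                    addr = ipaddress.ip_address(entry)
                except ValueError:
                    findings.append(
                        (name, ports,
                         f"remote_addrs entry {entry!r} is not an IP address"))
                    continue
                if addr.is_unspecified:
                    findings.append(
                        (name, ports,
                         f"remote_addrs entry {entry!r} names no specific exporter"))
    return findings


if __name__ == "__main__":
    for finding in audit_udp_sources(SAMPLE_CONFIG):
        print(finding)
```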