[WARN ][logstash.codecs.netflow ]

Question

[WARN ][logstash.codecs.netflow ]

ionutz89 opened this issue 6 years ago · 3 comments

[2018-05-26T03:41:08,628][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-05-26T03:41:08,633][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-05-26T03:41:08,640][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-05-26T03:41:08,645][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-05-26T03:41:08,659][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-05-26T03:41:08,665][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-05-26T03:41:08,673][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-05-26T03:41:08,681][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-05-26T03:42:08,668][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-05-26T03:42:08,677][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}

I have those warns and it seems I cannot use it this plugin. I have the latest version of ELK 6.2 on debian 9.

The plugin version is logstash-codec-netflow (3.14.1).

Could you please tell me what can I do.

Thank you!

Answer 1 · 2018-05-30T07:09:40.000Z

Can you post a pcap with this traffic?

Answer 2 · 2018-06-10T20:16:58.000Z

Appologies for late reply. I attached the file pcap.

file.zip

Below are last logs:
[2018-06-10T20:59:35,683][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-06-10T20:59:58,658][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-06-10T20:59:58,680][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-06-10T20:59:58,701][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-06-10T20:59:58,716][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-06-10T20:59:58,740][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-06-10T20:59:58,753][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-06-10T20:59:58,773][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}
[2018-06-10T20:59:58,790][WARN ][logstash.codecs.netflow ] Reduced-size encoding for uint32 is larger than uint32 {:field=>[:uint32, :conn_id], :length=>8}

I updated logstash-codec-netflow to 4.0.1

Answer 3 · 2018-06-19T08:24:19.000Z

No one can help me ?