logstash-plugins/logstash-codec-netflow

Translate SNMP ifindex to corresponding interface name

lkpatel opened this issue · 3 comments

In the case of Netflow v5, SNMP polling can be done to get the interface names of a device. This approach has been used in the sflow codec. In the case of Netflow 9, Cisco routers provide a way to send interface names as an option template, which can be used to translate the ifindex.

Is this feature supported at present? If yes, how to achieve it?

In my opinion this codec should (only) implement the various RFCs for Netflow and IPFIX. This already proves a difficult task as you can see from the two RFC compliance issues in the issue tracker.

Data enrichment is best done at application layers above this codec. Applications like Elastiflow already do this successfully.

Elastiflow provides SNMP ifindex translation which is based on a static dictionary. This dictionary needs to be prefilled/filled by a user in order to work correctly. What I need is a dynamic solution like sflow, where it polls the respective device using the SNMP protocol and puts the relevant mapping data in a cache. Can't it be achieved in this codec too?

Sure, but why should the Netflow codec reinvent the wheel?
There is a Logstash SNMP input that can do that already.
@robcowart?
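
Added example, not part of the issue thread and not code from the codec or from Elastiflow: a sketch in Ruby of the dynamic mapping cache the thread discusses, placed in a layer above the codec. It keys entries by exporter as well as ifindex, because an ifindex is only unique within one device, and it expires entries so a renumbered interface is not reported under a stale name. The record keys (`input_snmp`, `output_snmp`, `if_name`), the `input_name`/`output_name` output fields and the exporter address passed in by the caller are assumptions; the mapping could equally be filled from an SNMP poll through `learn`.

```ruby
# Added example; record keys (input_snmp, output_snmp, if_name) are assumed.
class IfNameCache
  def initialize(ttl: 3600, clock: -> { Time.now.to_f })
    @ttl = ttl
    @clock = clock
    @names = {} # [exporter, ifindex] => [name, expires_at]
  end

  # Store a mapping learned from an options record or an SNMP poll.
  def learn(exporter, ifindex, name)
    @names[[exporter, Integer(ifindex)]] = [name, @clock.call + @ttl]
  end

  # Cached name, or nil when unknown or older than the TTL.
  def lookup(exporter, ifindex)
    key = [exporter, Integer(ifindex)]
    name, expires_at = @names[key]
    return nil if name.nil?
    return name if @clock.call < expires_at
    @names.delete(key)
    nil
  end

  # Options records update the cache; flow records come back as enriched copies.
  def process(exporter, record)
    if record.key?("if_name") && record.key?("input_snmp")
      learn(exporter, record["input_snmp"], record["if_name"])
      return record
    end
    out = record.dup
    { "input_snmp" => "input_name", "output_snmp" => "output_name" }.each do |src, dst|
      name = record.key?(src) ? lookup(exporter, record[src]) : nil
      out[dst] = name if name
    end
    out
  end
end
# Constructed sample: two exporters reuse ifindex 1 for different interfaces.
SAMPLE = [
  ["192.0.2.1", { "input_snmp" => 1, "if_name" => "Gi0/0" }],
  ["192.0.2.2", { "input_snmp" => 1, "if_name" => "Te1/1" }],
  ["192.0.2.1", { "input_snmp" => 1, "output_snmp" => 7, "in_bytes" => 1200 }],
  ["192.0.2.2", { "input_snmp" => 1, "output_snmp" => 1, "in_bytes" => 64 }],
].freeze

def enrich_sample(cache = IfNameCache.new)
  SAMPLE.map { |exporter, record| cache.process(exporter, record) }
end
```

An ifindex with no cached name is left untranslated rather than guessed, so downstream dashboards show the raw index until the exporter resends its options data or the next poll completes.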