README
¶
Netflow receiver
| Status | |
|---|---|
| Stability | development: logs |
| Distributions | [] |
| Issues |   |
| Code Owners | @evan-bradley, @dlopes7 |
The netflow receiver can listen for netflow, sflow, and ipfix data and convert it to OpenTelemetry logs. The receiver is based on the goflow2 project.
This gives OpenTelemetry users the capability of monitoring network traffic, and answer questions like:
- Which protocols are passing through the network?
- Which servers and clients are producing the highest amount of traffic?
- What ports are involved in these network calls?
- How many bytes and packets are being sent and received?
Getting started
By default the receiver will listen for ipfix and netflow on port 2055. The receiver can be configured to listen on different ports and protocols.
Example configuration:
receivers:
netflow:
- scheme: netflow
port: 2055
sockets: 16
workers: 32
processors:
batch:
send_batch_size: 2000
timeout: 30s
exporters:
debug:
verbosity: detailed
service:
pipelines:
logs:
receivers: [netflow]
processors: [batch]
exporters: [debug]
telemetry:
logs:
level: debug
We recommend using the batch processor to reduce the number of log requests being sent to the exporter. The batch processor will batch log records together and send them in a single request to the exporter.
You would then configure your network devices to send netflow, sflow, or ipfix data to the Collector on the specified ports.
Configuration
| Field | Description | Examples | Default |
|---|---|---|---|
| scheme | The type of flow data that to receive | sflow, netflow, flow |
netflow |
| hostname | The hostname or IP address to bind to | localhost |
0.0.0.0 |
| port | The port to bind to | 2055 or 6343 |
2055 |
| sockets | The number of sockets to use | 1 | 1 |
| workers | The number of workers used to decode incoming flow messages | 2 | 2 |
| queue_size | The size of the incoming netflow packets queue | 1000 | 1000000 |
Data format
The netflow data is standardized for the different schemas and is converted to OpenTelemetry logs following the semantic conventions
The output will adhere the format:
{
"destination": {
"address": "192.168.0.1",
"port": 22
},
"flow": {
"end": 1731073104662487000,
"sampler_address": "192.168.0.2",
"sequence_num": 49,
"start": 1731073077662487000,
"time_received": 1731073138662487000,
"type": "NETFLOW_V5"
},
"io": {
"bytes": 529,
"packets": 378
},
"source": {
"address": "192.168.0.3",
"port": 40
},
"transport": "TCP",
"type": "IPv4"
}
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewFactory ¶
NewFactory creates a factory for netflow receiver.
Types ¶
type Config ¶
type Config struct {
// The scheme defines the type of flow data that the listener will receive
// The scheme must be one of sflow, netflow, or flow
Scheme string `mapstructure:"scheme"`
// The hostname or IP address that the listener will bind to
Hostname string `mapstructure:"hostname"`
// The port that the listener will bind to
Port int `mapstructure:"port"`
// The number of sockets that the listener will use
Sockets int `mapstructure:"sockets"`
// The number of workers that the listener will use to decode incoming flow messages
// By default it will be two times the number of sockets
// Ideally set this to the number of CPU cores
Workers int `mapstructure:"workers"`
// The size of the queue that the listener will use
// This is a buffer that will hold flow messages before they are processed by a worker
QueueSize int `mapstructure:"queue_size"`
}
Config represents the receiver config settings within the collector's config.yaml
Source Files
Directories