ipfix-forwarder listens for IPFIX (RFC 5101) streams sent over UDP, parses,
pre-processes, includes extra (VMware, Nokia) vendor fields, converts to JSON and
optionally can forward JSON string representation to a custom syslog destination.
In addition to IPFX standard fields, it also knows how to interpret and include the following vendor IPFIX fields:
- VMware NSX
- VMware vSphere Distributed Switch (VDS)
- Nokia NAT
If using these vendors above the JSON will include an extra field named
nsxSegmentId which will correspond to the edge segmentId. It then becomes
trivial to bind a flow to corresponding inventory entities.
You can choose to export the JSON to a custom syslog destination.
This server does not yet directly natively export flows to Apache Kafka.
If you are looking to export your IPFIX flows to Apache Kafka, you can use
ipfix-forwarder along with syslog-ng
and the syslog_kafka destination.
Start ipfix-forwader on udp://0.0.0.0:2055, interpret and include VMware
vendor fields, log in console with a verbosity of 1.
$ ./ipfix-forwarder -logtostderr -v 1 -vendor-vmware-vds -vendor-vmware-nsx
Start ipfix-forwader on udp://0.0.0.0:2055, interpret and include VMware
vendor fields, log in console and file with a verbosity of 1 and export to a
syslog server on udp://10.10.11.41:2056
$ ./ipfix-forwarder -alsologtostderr -v 1 -vendor-vmware-vds -vendor-vmware-nsx -export-json-to-syslog -export-syslog-host 10.10.11.41 -export-syslog-port 2056
$ ./ipfix-forwarder -h
usage: ipfix-forwarder [server-flags] [vendor(s)] [syslog-export-info] [logging-properties]
-alsologtostderr
log to standard error as well as files
-export-json-to-syslog
export flows to syslog server in JSON format
-export-syslog-host string
syslog server address for JSON exports. (default "127.0.0.1")
-export-syslog-port int
syslog server port forJSON exports. (default 514)
-export-syslog-program string
syslog message program for JSON exports. (default "ipfix-forwarder")
-export-syslog-proto string
syslog server proto for JSON exports. (default "UDP")
-log_backtrace_at value
when logging hits line file:N, emit a stack trace
-log_dir string
If non-empty, write log files in this directory
-logtostderr
log to standard error instead of files
-num-cpu int
Number of CPUs to leverage. (default `runtime.NumCPU()`)
-server-address string
IP the server will be listening to. (default "0.0.0.0")
-server-port int
Port we will be listening on. (default 2055)
-server-rcvbuf int
Size of OS receive buffer associated with the connection. (default 2097152)
-server-sndbuf int
Size of OS transmit buffer associated with the connection. (default 2097152)
-stderrthreshold value
logs at or above this threshold go to stderr
-v value
log level for V logs
-vendor-nokia
Include Nokia NAT vendor fields.
-vendor-vmware-nsx
Include VMware NSX vendor fields.
-vendor-vmware-vds
Include VMware vSphere Distributed Switch (VDS) vendor fields.
-version
Version
-vmodule value
comma-separated list of pattern=N settings for file-filtered logging
You can find latest binary releases for linux/amd64 here
You will need Go 1.13.x installed.
$ make build