Reputation: 31
How do I retrieve the template from an IPFIX file using libfixbuf?
I am trying to use the CERT tools to read and parse an IPFIX file. The docs say to grab the "internal" template from the file, though every call relating to templates seems to require a template id (tid) or other information that I don't have. It's a total chicken-and-egg problem and I can't seem to figure it out. Thoughts?
Upvotes: 2
Views: 1001
Answers (1)
Reputation: 475
To identify templates from data records you need to look for the Set ID. The Set ID will tell you if the record you are looking at is a template or data set. Anything greater than 255 is a data set. The Set Id for a template is in IPFIX is 2. (0 to NetFlow v9, the 2 formats are deceptively similar). See https://www.rfc-editor.org/rfc/rfc5101#section-3.3.2 Once you find Set Id 2 the very next field should be TemplateId for the template.
This wiki page shows an example of the IPFIX packet.
http://en.wikipedia.org/wiki/IP_Flow_Information_Export
Upvotes: 3
Related Questions
- How to import a NiFi_Flow.json or convert to a template?
- How I can use Airflow template reference in the DAG python code
- How do I access an airflow rendered template downstream?
- Decoding IPFIX packets using Python
- Xilinx FIFO IP block output in simulation
- Anyone please do have Netflow data using nfdump in csv file?
- .natvis - how to reference a template template parameter?
- NetFlow v5 - exporting flow records missing fields
- Get template parameter from file
- Getting a flowdocument from a xaml template file