You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right after that Graylog started processing logs but they didn’t show up in dashboard. I found there were some errors in logs while trying to parse data:
org.graylog.integrations.ipfix.IpfixException: Missing information element definitions for private enterprise number 29305
org.graylog.integrations.ipfix.IpfixException: Missing information element definitions for private enterprise number 45346
Then I included json files for translating incoming logs for both velocloud (45346 ) and ipfix (29305):
45346: VMware Knowledge Base
29305: IP Flow Information Export (IPFIX) Entities
At this moment I am encountering the following error in graylog.log:
2021-05-31T07:25:01.846Z ERROR [DecodingProcessor] Unable to decode raw message RawMessage{id=4ff8a630-c1e1-11eb-a4f5-005056919081, journalOffset=44413432, codec=ipfix, payloadSize=1817, timestamp=2021-05-31T07:25:01.843Z, remoteAddress=/172.23.9.132:54112} on input <60af6f3b3f1dd3671d48e2fc>.
2021-05-31T07:25:01.846Z ERROR [DecodingProcessor] Error processing message RawMessage{id=4ff8a630-c1e1-11eb-a4f5-005056919081, journalOffset=44413432, codec=ipfix, payloadSize=1817, timestamp=2021-05-31T07:25:01.843Z, remoteAddress=/172.23.9.132:54112}
java.lang.NullPointerException: null
at org.graylog.integrations.ipfix.IpfixParser.parseDataSet(IpfixParser.java:338) ~[?:?]
at org.graylog.integrations.ipfix.codecs.IpfixCodec.lambda$decodeMessages$3(IpfixCodec.java:206) ~[?:?]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) ~[?:1.8.0_282]
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1384) ~[?:1.8.0_282]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482) ~[?:1.8.0_282]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472) ~[?:1.8.0_282]
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) ~[?:1.8.0_282]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:1.8.0_282]
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:566) ~[?:1.8.0_282]
at org.graylog.integrations.ipfix.codecs.IpfixCodec.decodeMessages(IpfixCodec.java:212) ~[?:?]
at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:147) ~[graylog.jar:?]
at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:90) [graylog.jar:?]
at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:90) [graylog.jar:?]
at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:47) [graylog.jar:?]
at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:143) [graylog.jar:?]
at com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66) [graylog.jar:?]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_282]
The text was updated successfully, but these errors were encountered:
bernd
transferred this issue from Graylog2/graylog2-server
Jun 7, 2021
The version of Graylog I am using is 4.01 and I’d like to collect logs from IPFIX.
I’ve followed the below article:
https://docs.graylog.org/en/latest/pages/integrations/inputs/ipfix_input.html
Right after that Graylog started processing logs but they didn’t show up in dashboard. I found there were some errors in logs while trying to parse data:
Then I included json files for translating incoming logs for both velocloud (45346 ) and ipfix (29305):
45346: VMware Knowledge Base
29305: IP Flow Information Export (IPFIX) Entities
At this moment I am encountering the following error in graylog.log:
The text was updated successfully, but these errors were encountered: