Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Filebeat Netflow Template Sharing not working #42080

Closed
simioa opened this issue Dec 17, 2024 · 1 comment · Fixed by #42079
Closed

Filebeat Netflow Template Sharing not working #42080

simioa opened this issue Dec 17, 2024 · 1 comment · Fixed by #42079
Labels
bug Filebeat Filebeat Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution

Comments

@simioa
Copy link
Contributor

simioa commented Dec 17, 2024

During my tests with the Filebeat Netflow Input, I found that sharing templates by using the share_templates parameter did not work. The template was received multiple times, but was never applied to subsequent Netflow events.

"[netflow-v9] Packet from:127.0.0.1:59773 src:256 seq:499564737"
"[netflow-v9] FlowSet ID 0 length 80"
"[netflow-v9] state - addTemplate 256 -"
"[netflow-v9] Packet from:127.0.0.1:56714 src:256 seq:499564738"
"[netflow-v9] Packet from:127.0.0.1:54741 src:256 seq:499564739"
"[netflow-v9] FlowSet ID 256 length 100"
"[netflow-v9] No template for ID 256"

I then looked at the code and found out that the shareTemplates parameter is not set in the decoder. I created a Merge Request that may fixes this issue: #42079
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Dec 17, 2024
@simioa simioa mentioned this issue Dec 17, 2024
Merged
6 tasks
@andrewkroh andrewkroh added bug Filebeat Filebeat Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution labels Dec 17, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Dec 17, 2024
mergify bot pushed a commit that referenced this issue Dec 19, 2024
@simioa @mergify
[filebeat][netflow]: fix template sharing (#42079)
884abb6 
Pass the share_templates configuration option into the NetflowV9Protocol
struct. The parameter was not being set, and therefore was always false so
it was not possible to use this option.

Added a test case to prevent future regressions.

Closes #42080

(cherry picked from commit 323c69e)
@mergify mergify bot mentioned this issue Dec 19, 2024
Merged
6 tasks
andrewkroh pushed a commit that referenced this issue Dec 19, 2024
@mergify @simioa
[8.x](backport #42079) [filebeat][netflow]: fix template sharing (#42124
3d2bda9 
)

Pass the share_templates configuration option into the NetflowV9Protocol
struct. The parameter was not being set, and therefore was always false so
it was not possible to use this option.

Added a test case to prevent future regressions.

Closes #42080

(cherry picked from commit 323c69e)

Co-authored-by: Ioannis Simeonidis <[email protected]>
mergify bot pushed a commit that referenced this issue Dec 20, 2024
@simioa @mergify
[filebeat][netflow]: fix template sharing (#42079)
5f173ba 
Pass the share_templates configuration option into the NetflowV9Protocol
struct. The parameter was not being set, and therefore was always false so
it was not possible to use this option.

Added a test case to prevent future regressions.

Closes #42080

(cherry picked from commit 323c69e)

# Conflicts:
#	x-pack/filebeat/input/netflow/decoder/v9/v9.go
mergify bot pushed a commit that referenced this issue Dec 20, 2024
@simioa @mergify
[filebeat][netflow]: fix template sharing (#42079)
c6771d6 
Pass the share_templates configuration option into the NetflowV9Protocol
struct. The parameter was not being set, and therefore was always false so
it was not possible to use this option.

Added a test case to prevent future regressions.

Closes #42080

(cherry picked from commit 323c69e)
This was referenced Dec 20, 2024
Closed
Merged
mergify bot pushed a commit that referenced this issue Dec 20, 2024
@simioa @mergify
[filebeat][netflow]: fix template sharing (#42079)
2a477fe 
Pass the share_templates configuration option into the NetflowV9Protocol
struct. The parameter was not being set, and therefore was always false so
it was not possible to use this option.

Added a test case to prevent future regressions.

Closes #42080

(cherry picked from commit 323c69e)
@mergify mergify bot mentioned this issue Dec 20, 2024
Merged
6 tasks
mjwolf added a commit that referenced this issue Dec 27, 2024
@mergify @simioa @mjwolf
[filebeat][netflow]: fix template sharing (#42079) (#42138)
e5169ec 
Pass the share_templates configuration option into the NetflowV9Protocol
struct. The parameter was not being set, and therefore was always false so
it was not possible to use this option.

Added a test case to prevent future regressions.

Closes #42080

(cherry picked from commit 323c69e)

Co-authored-by: Ioannis Simeonidis <[email protected]>
Co-authored-by: Michael Wolf <[email protected]>
mjwolf added a commit that referenced this issue Dec 27, 2024
@mergify @simioa @mjwolf
[filebeat][netflow]: fix template sharing (#42079) (#42137)
3c9253f 
Pass the share_templates configuration option into the NetflowV9Protocol
struct. The parameter was not being set, and therefore was always false so
it was not possible to use this option.

Added a test case to prevent future regressions.

Closes #42080

(cherry picked from commit 323c69e)

Co-authored-by: Ioannis Simeonidis <[email protected]>
Co-authored-by: Michael Wolf <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Filebeat Filebeat Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[filebeat][netflow]: fix template sharing simioa/beats
3 participants
@andrewkroh @elasticmachine @simioa