All Apps and Add-ons

How can I receive ipfix from YAF (Yet Another Flowmeter)?

banaie
Path Finder

Hi all,
I was trying to receive ipfix from YAF (Yet Another Flowmeter). I changed the yaf config to udp and I thought I would receive events perfectly. But, YAF says in the log file that the connection is refused! However, I have defined the datainput to receive IPFIX on the default 4739 port and it is listening perfectly.

Please help me on this.

Thanks a lot

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee
0 Karma

banaie
Path Finder

I managed to solve the problem by inputting the server ip instead of localhost on the yaf config. However, I can't receive application labels and other deep packet information on the index.
Is there any approach for receiving all the information that yaf can provide?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...