Skip to content

Include additional fields in Netflow receiver that are already available in goflow2 #40487

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dentonk opened this issue Jun 4, 2025 · 2 comments
Open

Include additional fields in Netflow receiver that are already available in goflow2 #40487

dentonk opened this issue Jun 4, 2025 · 2 comments
Labels
enhancement New feature or request receiver/netflow waiting-for-code-owners

Comments

@dentonk
Copy link

dentonk commented Jun 4, 2025

Component(s)

receiver/netflow

Is your feature request related to a problem? Please describe.

The netflow receiver currently captures a subset of the fields supported by the goflow2 package, as outlined in the README. Some of the remaining fields can be useful for security use cases. For example, TCP flags can be used to identify scans and attacks at the transport layer as scanners will sometimes send non-standard TCP flags to probe the network.

Describe the solution you'd like

Looking through the goflow2 proto, I believe these addition fields such as tcp_flags are available to be included. I do not have enough hands-on experience with Netflow to know if there are clear groupings that could be used as a way to enable these additional fields, i.e. the proto file groups them as IP and TCP special flags, but there could be a better naming convention for the config.

Describe alternatives you've considered

No response

Additional context

No response
@dentonk dentonk added enhancement New feature or request needs triage New item requiring triage labels Jun 4, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 4, 2025

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

@bacherfl
Copy link
Contributor

bacherfl commented Jun 5, 2025

(Triage): Removing needs-triage as the issue is well described. Adding wait-for-code-owners

@bacherfl bacherfl added waiting-for-code-owners and removed needs triage New item requiring triage labels Jun 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request receiver/netflow waiting-for-code-owners
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bacherfl @dentonk