Member since 06-13-2024
5 Posts | 0 Kudos Received | 0 Solutions
03-12-2025
11:35 PM
Hi @haridjh, The server is supposed to stream all the NetFlow data to NiFi. However, why does the time delay between sending the NetFlow and receiving it in NiFi matter?
03-09-2025
12:09 AM
Hello,
We are forwarding NetFlow v9 data from a core switch and VPN to NiFi. In NiFi, we are using the NetFlow Listener processor to listen to the NetFlow traffic.
However, the processor is unable to process the data, and the only information we could find in the logs after enabling debug logging is the following:
2025-03-06 16:25:29,502 WARN com.cloudera.nifi.netflow.ListenNetFlow: ListenNetFlow[id=861330c9-6ffc-1e81-9978-be1bba4f3524] Sender [/0.0.0.0:00000] Cached Template ID [259] not found
2025-03-06 16:25:29,502 DEBUG com.cloudera.nifi.netflow.ListenNetFlow: ListenNetFlow[id=861330c9-6ffc-1e81-9978-be1bba4f3524] Sender [//0.0.0.0:00000] Version [9] FlowSet ID [259] Length [604]
Has anyone faced such an issue who could help us identify its cause and suggest possible solutions?
Thank you for your help.
Labels: Apache NiFi
03-08-2025
11:50 PM
Hello everyone,
We're experiencing an issue with consuming Kafka from a third-party (QRadar) system outside of CDP. In their configuration, the only SASL mechanisms available for configuration are:
- PLAIN
- SCRAM-SHA-256
- SCRAM-SHA-512
However, all of these mechanisms are resulting in authentication errors. How can we connect QRadar to Kafka to be able to consume the data from Kafka?
Thanks in advance.
Labels: Apache Kafka
02-15-2025
10:08 PM
Hello,
I need your guidance on the following scenario:
We have a SIEM (QRadar) infrastructure where Event Collectors receive logs from various data sources. These logs are correlated based on SIEM rules and use cases. We plan to send logs to the SIEM while also storing a copy in a Data Lake.
Current Approach:
We have structured the workflow as follows:
DATA SOURCES → NiFi → Store in DATA LAKE & Forward to SIEM (using PUTTCP processor)
Questions:
- Does NiFi allow segregation of data sources?
- Handling LEEF logs: logs reach NiFi with the original source IP but leave NiFi with NiFi’s source IP. Since QRadar first looks for the hostname in the payload (and if absent, uses the source IP), this could cause misidentification. Can NiFi be configured to retain the original source IP while forwarding logs, without modifying the original log (to comply with legal requirements)?
- Log Integrity & Authenticity: Does NiFi ensure log integrity and authenticity for legal and compliance purposes?
- LEEF Parsing: Is there a NiFi processor available to parse LEEF logs before storing them in HDFS?
Thanks in advance.
Labels: Apache NiFi