New component: Netflow/IPFIX receiver

[srclosson]

The purpose and use-cases of the new component

The new receiver would allow OTEL to collect netflow/IPFix data. Use cases cover

• Most ISP's
• Companies that need SIEM

Example configuration for the component

I'm wondering if it would make sense to do something equivalent to telegraph?

receivers:
  netflow:
     protocol: ipfix|netflow_v5|netflow_f9
     endpoint: 0.0.0.0:2055
     protocol: udp

Telemetry data types supported

Given the example from the telegraf input plugin, I would expect lots of metadata?

netflow,source=127.0.0.1,version=NetFlowV5 protocol="tcp",src="140.82.121.3",src_port=443u,dst="192.168.119.100",dst_port=55516u,flows=8u,in_bytes=87477u,in_packets=78u,first_switched=86400660u,last_switched=86403316u,tcp_flags="...PA...",engine_type="19",engine_id="0x56",sys_uptime=90003000u,src_tos="0x00",bgp_src_as=0u,bgp_dst_as=0u,src_mask=0u,dst_mask=0u,in_snmp=0u,out_snmp=0u,next_hop="0.0.0.0",seq_number=0u,sampling_interval=0u

The actual data would be heavily labelled. The preference would be to capture the data in the most usable and informative way possible. Given that this may result in high cardinality, it's suggested that the appropriate processor be used to translate metadata give the users unique use case.

Is this a vendor-specific component?

• This is a vendor-specific component
• If this is a vendor-specific component, I am proposing to contribute this as a representative of the vendor.

Sponsor (optional)

No response

Additional context

Thank-you for considering this!

[atoulme]

@srclosson would you be contributing the implementation of this component?

[github-actions]

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

[atoulme]

@srclosson would you please answer my earlier comment?

[github-actions]

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

[jpkrohling]

I just confirmed with @srclosson that we can close this one for now. If there are people interested in contributing code for this component, feel free to open a new issue or reopen this one.