Aggregation primitives definition based on netflow template #602
Open
Description
Hi Paolo!
I have problems with the flowID (#148) field. Cisco ASA allocates 4 bytes for it and Palo Alto 8 bytes, so I can't use one instance of nfacctd to process netflow from Cisco and Palo Alto simultaneously. I have to run two nfacctds with different primitives lists:
This one for Cisco:
name=flowID field_type=148 len=4 semantics=u_int
And this one for PA:
name=flowID field_type=148 len=8 semantics=u_int
Is it possible to define aggregation primitives automatically based on information from the template file, which already contains all the information about the fields?
{"type": 0, "otpl": {"off": 0, "len": 4, "tpl_len": 4, "tpl_index": 148}
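The request above relies on each exporter's template already stating the field length. As an added illustration (not part of the original issue and not pmacct code), this standalone sketch parses a NetFlow v9 Template FlowSet and emits the matching primitive line for field type 148. The function names, template IDs and the two address fields in the samples are assumptions; only the flowID lengths and the primitive line format come from the issue.

```python
import struct

FLOW_ID = 148  # flowID field type, as given in the issue

def parse_v9_templates(flowset):
    """Parse one NetFlow v9 Template FlowSet (FlowSet ID 0, RFC 3954).
    Returns {template_id: [(field_type, field_len), ...]}."""
    if len(flowset) < 4:
        raise ValueError("truncated FlowSet header")
    fs_id, fs_len = struct.unpack_from("!HH", flowset, 0)
    if fs_id != 0:
        raise ValueError("not a Template FlowSet")
    if fs_len < 4 or fs_len > len(flowset):
        raise ValueError("FlowSet length does not match the buffer")
    templates, off = {}, 4
    while fs_len - off >= 4:
        tpl_id, count = struct.unpack_from("!HH", flowset, off)
        if tpl_id < 256:  # IDs below 256 are reserved: treat as padding
            break
        off += 4
        if off + 4 * count > fs_len:
            raise ValueError("field list overruns the FlowSet")
        templates[tpl_id] = [struct.unpack_from("!HH", flowset, off + 4 * i)
                             for i in range(count)]
        off += 4 * count
    return templates

def flowid_primitives(flowset, name="flowID"):
    """One primitive line per distinct flowID length found in the templates."""
    lengths = {flen for fields in parse_v9_templates(flowset).values()
               for ftype, flen in fields if ftype == FLOW_ID}
    return [f"name={name} field_type={FLOW_ID} len={n} semantics=u_int"
            for n in sorted(lengths)]

def build_flowset(tpl_id, fields):
    """Build a constructed Template FlowSet for the demo below."""
    body = struct.pack("!HH", tpl_id, len(fields))
    body += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    return struct.pack("!HH", 0, 4 + len(body)) + body

# Constructed samples: template IDs and the two address fields are made up;
# only the flowID lengths (4 and 8 bytes) come from the issue.
ASA_TEMPLATE = build_flowset(256, [(8, 4), (12, 4), (FLOW_ID, 4)])
PA_TEMPLATE = build_flowset(257, [(8, 4), (12, 4), (FLOW_ID, 8)])

if __name__ == "__main__":
    for exporter, fs in (("Cisco ASA", ASA_TEMPLATE), ("Palo Alto", PA_TEMPLATE)):
        print(exporter, flowid_primitives(fs))
```

The length checks reject a FlowSet whose declared length or field count runs past the received buffer, which matters because templates arrive from the network unauthenticated.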