Enricher re-writes fields it should not be

[ackstorm23]

Describe the bug
When piping goflow data through enricher, fields containing IP or MAC addresses are no longer usable. Only happens with the enricher. Running only goflow2 shows correct IP and MAC addresses in output.

To Reproduce
Steps to reproduce the behavior:

1. Run GoFlow2 with arguments 'goflow2-2.2.2-7-gfb53b55-linux-aarch64 -transport.file.sep= -format=bin -addr=0.0.0.0:8880 | enricher -db.asn ./config/GeoLite2-ASN.mmdb -db.country ./config/GeoLite2-Country.mmdb'
2. Wait for flows to come in
3. Observe that the JSON output has invalid data in src_addr, dst_addr, src_mac, dst_mac, next_hop, and any other field that contains an IP or MAC address.

Expected behavior
Fields with IP or MAC address are not modified by the enricher
Captures
If applicable, add output (JSON, protobuf), packet captures and device configuration.

{"type":4,"sequence_num":6874,"sampler_address":"CgEAAQ==","bytes":17367,"packets":15,"src_addr":"z/Hj4Q==","dst_addr":"S0hP6w==","etype":2048,"proto":6,"src_port":80,"dst_port":36552,"in_if":1,"out_if":11,"src_mac":251206042811623,"dst_mac":237876075896724,"tcp_flags":16,"src_as":7941,"dst_as":7922,"next_hop":"AAAAAA==","src_country":"US","dst_country":"US"}

GoFlow2:

• Version: [GoFlow2 v2.2.2-7-gfb53b55 (2025-05-28T23:53:14-0500)]
• Environment: [Compiled from source]
• OS: [Arch Linux]

Additional context

running enricher with -loglevel=debug does not produce any logs (beyond the initial starting message from info loglevel)

[alifgufron]

i have same issue When piping goflow data through enricher

Environment = Compiled From Source
OS = FreeBSD

command debug:

/usr/local/bin/goflow2 -loglevel=info -listen netflow://:2055 -addr ":8181" -transport.file.sep= -format=bin -mapping /usr/local/etc/goflow2/mapping.yaml | /usr/local/bin/enricher -loglevel=info -db.asn /usr/local/etc/goflow2/GeoLite2-ASN.mmdb -db.country /usr/local/etc/goflow2/GeoLite2-Country.mmdb -format json

output:

time=2025-06-13T17:23:01.300+07:00 level=ERROR msg="error unmarshalling message" error="string field contains invalid UTF-8"
time=2025-06-13T17:23:01.300+07:00 level=ERROR msg="error unmarshalling message" error="string field contains invalid UTF-8"
time=2025-06-13T17:23:01.300+07:00 level=ERROR msg="error unmarshalling message" error="string field contains invalid UTF-8"
{"type":4,"sequence_num":781253024,"sampler_address":"yorhQg==","bytes":5760,"packets":4,"src_addr":"LXnbiA==","dst_addr":"yor6Hw==","etype":2048,"proto":6,"src_port":443,"dst_port":55521,"in_if":16,"out_if":15729848,"src_mac":83898788312513,"dst_mac":277468414149108,"tcp_flags":24,"src_as":131702,"dst_as":9657,"src_country":"ID","dst_country":"ID"}
time=2025-06-13T17:23:01.300+07:00 level=ERROR msg="error unmarshalling message" error="string field contains invalid UTF-8"
time=2025-06-13T17:23:01.301+07:00 level=ERROR msg="error unmarshalling message" error="string field contains invalid UTF-8"

[eoksum]

I'm observing the same issue. Any updates?