Netflow Configuration

Owned by Jenni Wallin
Last updated: Apr 17, 2023 by Former user (Deleted)
3 min read

You open the Netflow collection agent configuration dialog from a workflow configuration. To open the Netflow collection agent configuration, click  Build → New Configuration. Select  Workflow from the Configurations dialog. When prompted to  Select workflow type, select  Realtime. Click Add agent and select Netflow from the Collection tab of the Agent Selection dialog.

Connection Tab

NetFlow agent configuration dialog - Connection tab

FieldDescription
Received Settings

Port

The port number where the NetFlow agent will listen for packets from the routers.

Note!

Since the routers will be configured to communicate with a specific host on this port, it is important that the workflow containing the NetFlow agent is configured to execute on that specific host and not on a random host.

Two NetFlow agents may not be configured to listen on the same port on the same host.


IP AddressEnter the IP address of the target host.
Only from Predefined HostsIf enabled, the agent will only accept packets from hosts specified in the Interface Mapping tab. Data from other hosts will be discarded.

If disabled, all arriving data will be accepted. This may be suitable if a combination of routers is used. When a majority of the routers only send from one interface (IP-address) each, and some is set according to the Interface Mapping tab. Hence, when disabling this option, the one-interface-routers do not have to be added to the interface mapping list.

Warn on Sequence Gap  Determines if a warning will be raised in the System Log when the sequence number gap between two sequential PDUs from the same router is equal to or larger than specified in the Minimum Gap.
Minimum GapThe minimum sequence number gap between two flow records that will cause warning in the System Log.
Receive Buffer Size

Enter the buffer size for messages to read in this field. The value should not exceed the value set for the kernel parameter net.core.rem_max.

Example on how to set the kernel parameters

$ sudo sysctl -w net.core.rmem_max=18388600 
$ sudo sysctl -w net.core.netdev_max_backlog=100000

UDR Type Tab


NetFlow agent configuration dialog - UDR Type tab

FieldDescription
AddSelect this button to open the Add UDR Internal Format Browser. Here you can add the desired UDR types.
RemoveRemoves the selected entry. 

Interface Mapping Tab


NetFlow agent configuration dialog Interface Mapping tab

Maps several interface IP addresses to one main IP address. Each router using more than one interface IP address when sending data to the agent must be registered here. One of the IP addresses, supported by the router, must be registered as Main IP Address . The others are configured in the IP Address list.

If a packet arrives from an IP address configured in the IP Address list, it will be mapped to the corresponding Main IP Address. This way it will appear as if all packets originating from the same IP address.

FieldDescription
Main IP Address  Each router that supports multiple interfaces must add one address to this list. When an existing row is selected, the content in the IP Address table will reflect the slave IP addresses for the selected Main IP Addresses.
IP AddressesAdditional IP addresses are mapped to their corresponding main IP address by the agent.

You can use the buttons below the two main sections to Add, Edit, or Remove the available entries.