Netflow: Difference between revisions
From Edge Threat Management Wiki - Arista
Latest revision as of 22:10, 10 December 2021
NetFlow is a feature developed by Cisco which provides the ability to collect IP network traffic information as it enters or exits an interface. By analyzing the data provided by NetFlow, a network administrator can determine the source and destination of traffic, class of service, and the causes of congestion. A typical flow monitoring setup consists of three main components:
- Flow exporter: aggregates packets into flows and exports flow records to one or more flow collectors. In this setup, the NGFW is the flow exporter.
- Flow collector: responsible for reception, storage and pre-processing of flow data received from a flow exporter.
- Analysis application: analyzes received flow data in the context of intrusion detection or traffic profiling, for example.
Netflow on NGFW uses softflowd.
Netflow
Netflow settings are located in Config > Network > Advanced > Netflow.
- Netflow enabled
  - This enables the sending of netflow data to the specified netflow collector.
- Host
  - The IP address or hostname of the netflow collector.
- Port
  - The port for the netflow collector.
- Version
  - The version of netflow to send. NGFW supports multiple standard versions: v1, v5, and v9.