Index


Overview

Statseeker can report on NetFlow data (version 5, 7 ,9 and 10). To achieve this, you need to:

  • Configure your devices to transmit NetFlow data
  • Configure Statseeker to accept NetFlow data from the devices which are sending it

[top]


Configuring Devices to Transmit NetFlow Data

When configuring your network devices to export NetFlow data, the options which need to be configured, and the process required to configure them, will vary from vendor to vendor and model to model. Refer to your device specific documentation for guidance on configuring the device for NetFlow reporting.

The target IP address for your netflow traffic will be that of your Statseeker server and the target port must be unique for each device sending NetFlow data, within your network.

Note: regardless of which NetFlow version your device is transmitting, configure the device to transmit data to Statseeker with a NetFlow v5 template. The following config lines can be used to specify this on current Cisco (NetFlow v9 and 10/IPFIX) devices:

  • When configuring an ingress monitor: record netflow ipv4 original-input
  • When configuring an egress monitor: record netflow ipv4 original-output

These are mutually exclusive, each flow can be configured as either an ingress, or an egress flow. The following is an example, utilizing these strings, to configure ingress flow monitoring on a CISCO2901/K9.


flow exporter IPFIX
destination x.x.x.x
source GigabitEthernet0/0
ttl 15
transport udp 9001
export-protocol ipfix
template data timeout 300
option interface-table timeout 120
option exporter-stats timeout 120
option vrf-table timeout 120
!
!
flow exporter NETFLOW9
destination x.x.x.x
ttl 15
transport udp 9002
template data timeout 300
option interface-table timeout 120
option exporter-stats timeout 120
!
!
flow monitor FLOW-IPFIX
exporter IPFIX
record netflow ipv4 original-input
!
!
flow monitor FLOW-NETFLOW9
exporter NETFLOW9
record netflow ipv4 original-input
!

[top]


Configuring Statseeker to Receive NetFlow Data

To configure Statseeker to receive NetFlow data from a network device:

  • Select Administration Tool > Traffic Analyzer > Flows

The Flows screen displays the list of existing NetFlow stream configurations and allows for adding and deleting configurations.

  • By default, new NetFlow source configurations are enabled upon creation, uncheck the Enabled box if you do not want to begin collecting the transmitted NetFlow data immediately

The preferred method of collecting NetFlow data is via the Local Observability Appliance (OA), which is part of the Statseeker server installation. Additional OAs can be deployed to any location on your network, acting as additional NetFlow data receivers.

  • Select the OA that will be receiving the NetFlow data
  • Specify the Port on the OA's primary interface that will be used to receive the data
    • This should match the port that the associated device (device sending the netflow data) has been configured to transmit on
    • A unique port must be assigned for each flow received by an OA
  • Provide a Label to identify the flow source
  • Click Save
Note: a unique port must be used for each flow received, i.e. each device sending NetFlow data.

[top]


Disable a NetFlow Configuration

The collection of NetFlow data can be turned-off without removing the associated NetFlow configuration by:

  • Select Administration Tool > Traffic Analyzer > Flows
  • Uncheck the Enabled box
  • Specify the Port and Label for the NetFlow configuration
  • Click Save

The NetFlow configuration will remain in place but will be disabled. No data collection via the associated port will occur until the configuration is re-enabled.

Note: this change only affects the collection and storage of NetFlow data by Statseeker. If the device is still configured to transmit NetFlow data, then this will continue.

[top]


Deleting an Existing NetFlow Source Configuration

To delete an existing NetFlow configuration:

  • Select Administration Tool > Traffic Analyzer > Flows
  • Specify the Port and Label for the NetFlow configuration
  • Click Delete
  • Click OK to confirm the action

The NetFlow configuration will be removed and no data collection via the associated port will occur.

Note: this change only affects the collection and storage of NetFlow data by Statseeker. If the device is still configured to transmit NetFlow data, then this will continue.

[top]