* Legacy Documentation for Statseeker v5.5.5 *
Index
- Overview
- Configuring Devices to Transmit NetFlow Data
- Configuring Statseeker to Receive NetFlow Data
- Disable a NetFlow Configuration
- Deleting an Existing NetFlow Source Configuration
Overview
Statseeker can report on NetFlow data (version 5, 7 ,9 and 10). To achieve this, you need to:
- Configure your devices to transmit NetFlow data
- Configure Statseeker to accept NetFlow data from the devices which are sending it
Configuring Devices to Transmit NetFlow Data
When configuring your network devices to export NetFlow data, the options which need to be configured, and the process required to configure them, will vary from vendor to vendor and model to model. Refer to your device specific documentation for guidance on configuring the device for NetFlow reporting.
The target IP address for your netflow traffic will be that of your Statseeker server and the target port must be unique for each device sending NetFlow data, within your network.
- When configuring an ingress monitor: record netflow ipv4 original-input
- When configuring an egress monitor: record netflow ipv4 original-output
These are mutually exclusive, each flow can be configured as either an ingress, or an egress flow. The following is an example, utilizing these strings, to configure ingress flow monitoring on a CISCO2901/K9.
flow exporter IPFIX
destination x.x.x.x
source GigabitEthernet0/0
ttl 15
transport udp 9001
export-protocol ipfix
template data timeout 300
option interface-table timeout 120
option exporter-stats timeout 120
option vrf-table timeout 120
!
!
flow exporter NETFLOW9
destination x.x.x.x
ttl 15
transport udp 9002
template data timeout 300
option interface-table timeout 120
option exporter-stats timeout 120
!
!
flow monitor FLOW-IPFIX
exporter IPFIX
record netflow ipv4 original-input
!
!
flow monitor FLOW-NETFLOW9
exporter NETFLOW9
record netflow ipv4 original-input
!
Configuring Statseeker to Receive NetFlow Data
To configure Statseeker to receive NetFlow data from a network device:
- Select Administration Tool > Traffic Analyzer > Flows
The Flows screen displays the list of existing NetFlow stream configurations and allows for adding and deleting configurations.
- By default, new NetFlow source configurations are enabled upon creation, uncheck the Enabled box if you do not want to begin collecting the transmitted NetFlow data immediately
The preferred method of collecting NetFlow data is via the Local Remote Network Appliance (RNA), which is part of the Statseeker server installation. Additional RNA’s can be deployed to any location on your network, acting as additional collection points for NetFlow Data.
- Select the RNA that will be collecting the NetFlow data
- Specify the Port on the RNA that will be used to receive the data
- This should match the port that the associated device has been configured to transmit on
- A unique port must be used for each flow configured on an RNA
- Provide a Label to identify the flow source
- Click Save
Disable a NetFlow Configuration
The collection of NetFlow data can be turned-off without removing the associated NetFlow configuration by:
- Select Administration Tool > Traffic Analyzer > Flows
- Uncheck the Enabled box
- Specify the Port and Label for the NetFlow configuration
- Click Save
The NetFlow configuration will remain in place but will be disabled. No data collection via the associated port will occur until the configuration is re-enabled.
Deleting an Existing NetFlow Source Configuration
To delete an existing NetFlow configuration:
- Select Administration Tool > Traffic Analyzer > Flows
- Specify the Port and Label for the NetFlow configuration
- Click Delete
- Click OK to confirm the action
The NetFlow configuration will be removed and no data collection via the associated port will occur.