Netflow: Difference between revisions

From Edge Threat Management Wiki - Arista
Line 1: Line 1:
<span style="display:none" class="helpSource network_advanced_netflow">Netflow</span>
<span style="display:none" class="helpSource network_advanced_netflow">Netflow</span>


[https://en.wikipedia.org/wiki/NetFlow Netflow] is a standardized format to export network data.
NetFlow is a feature developed by Cisco which provides the ability to collect IP network traffic information as it enters or exits an interface. By analyzing the data provided by NetFlow, a network administrator can determine the source and destination of traffic, class of service, and the causes of congestion. A typical flow monitoring setup consists of three main components:


Netflow can be used to send network data from your Untangle server to a centralized netflow data collector.
*'''Flow exporter''': aggregates packets into flows and exports flow records towards one or more flow collectors. In this case, the NGFW.
*'''Flow collector''': responsible for reception, storage and pre-processing of flow data received from a flow exporter.
*'''Analysis application''': analyzes received flow data in the context of intrusion detection or traffic profiling, for example.
 
Netflow on NGFW uses [http://www.mindrot.org/projects/softflowd/ softflowd].


= Netflow =
= Netflow =
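Review bot: The new intro paragraph spells the protocol "NetFlow", while the added line "Netflow on NGFW uses softflowd" and the section heading keep "Netflow"; pick one spelling for the whole page. In the exporter bullet, "In this case, the NGFW." is a sentence fragment and would read better folded into the bullet, for example "(here, the NGFW)". The rewrite also drops the Wikipedia link and the sentence saying data is sent from the server to a centralized collector, which was the only statement of the direction of export; consider keeping one sentence to that effect.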
Line 14: Line 18:
** The port for the netflow collector.
** The port for the netflow collector.
* Version
* Version
** The version of netflow to send. There are multiple standard versions of netflow (v1, v5, and v9).
** The version of netflow to send. NGFW supports multiple standard versions: v1, v5, and v9.
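Review bot: The reworded Version line lists v1, v5, and v9 but gives no default and no guidance on which to select. Add a sentence stating the default value and that the chosen version has to match what the collector at the configured Host and Port accepts.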

Revision as of 22:09, 10 December 2021

NetFlow is a feature developed by Cisco which provides the ability to collect IP network traffic information as it enters or exits an interface. By analyzing the data provided by NetFlow, a network administrator can determine the source and destination of traffic, class of service, and the causes of congestion. A typical flow monitoring setup consists of three main components:

  • Flow exporter: aggregates packets into flows and exports flow records towards one or more flow collectors. In this case, the NGFW.
  • Flow collector: responsible for reception, storage and pre-processing of flow data received from a flow exporter.
  • Analysis application: analyzes received flow data in the context of intrusion detection or traffic profiling, for example.

Netflow on NGFW uses softflowd.

Netflow

  • Netflow enabled
    • This enables the sending of netflow data to the specified netflow collector.
  • Host
    • The IP address or hostname of the netflow collector.
  • Port
    • The port for the netflow collector.
  • Version
    • The version of netflow to send. NGFW supports multiple standard versions: v1, v5, and v9.