Setting NetFlow Collection Port

When you start the NetFlow Analyzer for the first time, you need to set NetFlow collection port before you can see traffic statistics.

NetFlow collection port is a port on the NetVizura Server (computer on which the NetVizura with NetFlow Analyzer enabled is installed) to which your network devices are exporting the netflow data to. You need to set this port number to match the port number on all your network devices that are exporting netflow data. Default value is 2055.

To set the NetFlow collection port:

  1. Go to Settings > NetFlow Settings > Configuration tab
  2. Type a new value in Collection port field
  3. Click Save.

On this page:

Checking the System

Now is a good time to check if the system is working properly.

To do so, follow these steps:

  1. Check if the Collection port is set properly
    To see the Collection port number, go to Settings > NetFlow Settings > Configuration tab, and you will find the Service socket port field. Collection port number must match with the port number your network devices are exporting the netflow data to.
  2. Make sure NetFlow data is collected
    Go to TopN > System tab. Packets tab shows if netflow UDP packets are received and Flows chart shows how many flows have been exported to NetVizura sever

  3. Check the system for warnings or errors.
    Click on the Show log arrow (in the bottom right corner). Any warnings or errors will be displayed as well as the instruction to resolve them. 

  4. Finally, check if the network statistics are available
    Go to TopN > All Exporters tab. Network statistics should be shown on the graphs, this is a verification that the network statistic data has been collected by the NetFlow Collector and that the data has been processed by NetFlow Aggregator.
    (info) Note that it may take up to 5 minutes to see traffic from an new exporter. This is the minimum time needed for the application to create the finest sample of traffic statistic

 

 

 

 

 

To learn more about system settings in general, go to chapter NetFlow Module Settings.

All other settings you do not need to set right away. However, you should get back to them once you get to know NetFlow Analyzer a little better and fine-tune the behaviour of your system.

Setting End User Traffic (Optionally)

Besides general network traffic (Exporters, Traffic Patterns and Subnets Sets), it is also possible to setup viewing of the traffic made by organization end users (Windows domain usernames).

To setup this traffic:

  1. Check if the Collection port is set properly
    To see the Collection port number, go to Settings > NetFlow Settings > Configuration tab, and you will find the Service socket port field. End users collection port number must match with the port number your Syslog agent is exporting the logon syslog messages to.

  2. Add new End User filter for syslog messages (if needed)

    If filter for your Syslog agent is not provided with NetVizura by default, you should create your own in order to successfully authenticate users (map username to an IP address at specific time). It is done at Settings > NetFlow Settings > End Users tab.

  3. Finally, check if the network statistics are available
    Go to TopN > End Users tab. Network statistics should be shown on the graphs, this is a verification that the network statistic data has been collected by the NetFlow Collector and that the data has been processed by NetFlow Aggregator.
    (info) Note that it may take up to 5 minutes to see traffic from an new exporter. This is the minimum time needed for the application to create the finest sample of traffic statistic.

 

 

 

 

 

 

Read more about how to setup custom End User filter in the the article Configuring End Users.

  • No labels