When you start the NetFlow Analyzer for the first time, you need to set the NetFlow collection port before you can see traffic.
The NetFlow collection port is the port on the NetVizura server that listens for NetFlow traffic exported by network devices. You need to set the exporting port number on all your network devices to match the NetFlow collection port. The default port number is 2055.
To set the NetFlow collection port:
Now is a good time to check if the system is working properly.
To do so, follow these steps:
Check the system for warnings or errors.
Click on the Show log arrow (in the bottom right corner). Any warnings or errors will be displayed, as well as the instructions to resolve them.
Finally, check if the network traffic is available
Go to the TopN > All Exporters tab. Network traffic should be shown on the graphs. This verifies that the network traffic data has been collected by the NetFlow Collector and that the data has been processed by the NetFlow Aggregator.
Note that it may take up to 10 minutes to see traffic from a new exporter. This is the time needed for the application to create the finest sample of traffic.
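If the graphs stay empty, it helps to confirm that exporter datagrams arriving on the configured port are well-formed NetFlow. The following check is an added example, not part of NetVizura or its documentation; the function names are hypothetical, it assumes exporters send NetFlow v5 or v9, and `capture()` assumes a test host where nothing else is bound to the port.

```python
import socket
import struct
import time
from collections import defaultdict

V5_HEADER = struct.Struct("!HHIIIIBBH")  # NetFlow v5 header, 24 bytes
V9_HEADER = struct.Struct("!HHIIII")     # NetFlow v9 header, 20 bytes
V5_RECORD_LEN = 48                       # fixed size of one v5 flow record
# Constructed sample: a valid v5 datagram with two records, and a stray packet.
SAMPLE = [("192.0.2.10", V5_HEADER.pack(5, 2, 0, 1711722199, 0, 1, 0, 0, 0) + bytes(96)),
          ("192.0.2.20", b"not netflow")]

def parse_netflow_header(datagram):
    """Return version, record count and export time, or raise ValueError."""
    if len(datagram) < 4:
        raise ValueError("too short for a NetFlow header")
    version, count = struct.unpack_from("!HH", datagram)
    layout = {5: V5_HEADER, 9: V9_HEADER}.get(version)
    if layout is None:
        raise ValueError(f"unsupported export version {version}")
    if len(datagram) < layout.size:
        raise ValueError("truncated header")
    if version == 5 and len(datagram) != layout.size + count * V5_RECORD_LEN:
        raise ValueError("v5 length does not match record count")
    return {"version": version, "count": count, "unix_secs": layout.unpack_from(datagram)[3]}

def summarize(packets):
    """packets: iterable of (exporter_ip, datagram) -> per-exporter counters."""
    stats = defaultdict(lambda: {"accepted": 0, "rejected": 0, "records": 0})
    for ip, data in packets:
        try:
            stats[ip]["records"] += parse_netflow_header(data)["count"]
            stats[ip]["accepted"] += 1
        except ValueError:
            stats[ip]["rejected"] += 1
    return dict(stats)

def capture(port=2055, seconds=30):
    """Collect datagrams arriving on the UDP port for a fixed time window."""
    packets, deadline = [], time.monotonic() + seconds
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(1.0)
        while time.monotonic() < deadline:
            try:
                data, (ip, _) = sock.recvfrom(65535)
                packets.append((ip, data))
            except socket.timeout:
                pass
    return packets
```

`summarize(SAMPLE)` runs offline on the constructed data; `summarize(capture())` reports, per source address, how many datagrams parsed as NetFlow and how many were rejected. An exporter that is missing from the result is not reaching the port at all.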
To learn more about system settings in general, go to chapter System Settings (NFA).
You do not need to set all the other settings right away. However, you should get back to them once you get to know NetFlow Analyzer a little better and fine-tune the behaviour of your system.
In addition to general network traffic (Exporters, Traffic Patterns and Subnets Sets), you can view traffic made by organization end users (domain usernames).
To set this traffic:
Update existing or add new End User mapping rule
If you use Snare as your Syslog agent, then you can use one of the provided mapping rules. In this case, just update the Source IP field, verify that the rule is matching users, and change the status to Active. To do so, go to > Settings > NetFlow Settings > End Users.
If a rule for your Syslog agent is not provided with NetVizura by default, you should create your own rule in order to successfully map users (link a username with an IP address at a specific time). Read more about how to set a custom End User mapping rule in the article End User Settings.
Note that it may take up to 10 minutes to see traffic for a new user. This is the time needed for the application to create the finest sample of traffic.
Specifying too broad a subnet in the Source IP field might result in a performance penalty. For best results, consider changing Source IP to a more specific value or a concrete IP address.