Search the Community

Showing results for tags 'netflow'.



Found 14 results

  1. There have definitely been improvements in Netflow since I first started with LM, which I appreciate. However, the query mechanism is still quite rudimentary compared to free tools (like NfSen, for example). Please add an "advanced" query option where a tcpdump-style query can be created (and saved for later). As a bonus, PLEASE make it possible to have saved queries generate alerts over a specified timeframe.
  2. Exporting Netflow from Windows with FlowTraq Exporter

    NetFlow is an industry standard network protocol for monitoring traffic flows across a network interface. It is used most commonly by devices like firewalls, routers, and switches, but some software packages make it possible to export Netflow data from a server operating system - in this case Windows - to a Netflow collector (LogicMonitor) for traffic analysis.

    Instructions

    1.) Register for and download the free FlowTraq Exporter.
    2.) Download WinPcap (Windows packet capture library).
    3.) Install WinPcap on the server you wish to export Netflow data from.
    4.) Install and configure Flowtraq Exporter on the server you wish to export Netflow data from.
        - Select an interface from which to export Netflow data on the server.
        - Point the Netflow export data to the LogicMonitor Collector that will be monitoring the device and ingesting the flow data.
        - The LogicMonitor collector listens for Netflow on port 2055 out-of-box.
    5.) Stop the Windows service "ProQueSys Flow Export."
    6.) Edit the configuration file located at "C:\Program Files (x86)\ProQueSys\Exporter\flowexport.conf"
        - Change the bit that says "nf9" to "nf5" to export Netflow in a compatible format.
    7.) Start the Windows service 'ProQueSys Flow Export.'
    8.) Make sure the device is in LogicMonitor and has Netflow collection enabled, pointing to the correct collector.
    9.) Give LogicMonitor 5-10 minutes to start processing the flow traffic and soon you'll have some flow data on the device Traffic tab.
  3. LanceiT1

    SonicWall and Netflow

    Hello! Our team is attempting to set up Netflow for SonicWall devices. Unfortunately, there is little in the way of documentation on how to set up Netflow on these devices. Would anyone here have any insight that they would be willing to share in order to use LogicMonitor Netflow with SonicWall devices?
  4. Exporting Netflow from Linux with softflowd

    NetFlow is an industry standard network protocol for monitoring traffic flows across a network interface. It is used most commonly by devices like firewalls, routers, and switches, but some software packages make it possible to export Netflow data from a server operating system - in this case Linux (with softflowd) - to a Netflow collector (LogicMonitor) for traffic analysis.

    Ubuntu

    Documentation here: http://manpages.ubuntu.com/manpages/xenial/man8/softflowd.8.html

    The following assumes you have an Ubuntu device in your portal which you can access with sudoer permissions. It also assumes Netflow has been enabled for the device and the collector in question.

    Install softflowd:

        sudo apt-get install softflowd

    Open /etc/default/softflowd for editing:

        sudo nano /etc/default/softflowd

    Set the value for INTERFACE and add the destination ip:port (<collectorIP>:2055) under OPTIONS. Other options are available, check the link above for full documentation.

        #
        # configuration for softflowd
        #
        # note: softflowd will not start without an interface configured.

        # The interface softflowd listens on. You may also use "any" to listen
        # on all interfaces.
        INTERFACE="eth0"

        # Further options for softflowd, see "man softflowd" for details.
        # You should at least define a host and a port where the accounting
        # datagrams should be sent to, e.g.
        # OPTIONS="-n 127.0.0.1:9995"
        OPTIONS="-n 192.168.170.130:2055"

    Save your changes by pressing Ctrl-O, then exit nano by pressing Ctrl-X.

    Restart softflowd.

        sudo service softflowd restart

    Add a rule to the firewall to allow traffic on 2055.

        sudo ufw allow 2055

    CentOS

    This is a bit more work since you can't just install a package; you'll need to download the source and compile. Most of the information here comes from https://www.scribd.com/doc/199440303/Cacti-Netflow-Collector-Flowview-and-Softflowd

    More good info: https://thwack.solarwinds.com/thread/59620

    Check to see if you have the compiler installed.

        which gcc

    If you don't get /usr/bin/gcc as the response, you'll need to install it.

        sudo yum install gcc

    Install libpcap-devel (you'll need this to compile softflowd).

        sudo yum install libpcap-devel

    Download the softflowd source.

        wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/softflowd/softflowd-0.9.9.tar.gz

    Make sure you're in the directory where you saved the download, then untar the downloaded source files.

        tar -xzvf softflowd-0.9.9.tar.gz

    Switch to the softflowd directory, then run the commands to compile and install it.

        cd softflowd-0.9.9
        ./configure
        make
        sudo make install

    Now we want to have softflowd start when the system boots. We'll need to add a line to the end of /etc/rc.d/rc.local. Use your device's interface after -i and your collector's IP address after -n.

        sudo nano /etc/rc.d/rc.local

    Add the following line to the end of the file:

        /usr/local/sbin/softflowd -i eth0 -n 10.13.37.111:2055

    Save your changes with Ctrl-O, exit nano with Ctrl-X.

    Make sure /etc/rc.d/rc.local is executable.

        sudo chmod +x /etc/rc.d/rc.local

    Open port 2055 in the firewall so the collector can receive the data.

        sudo firewall-cmd --zone=public --add-port=2055/udp --permanent

    Reboot the machine for all changes to take effect.

    *Original guide courtesy of @Kurt Huffman at LogicMonitor
  5. I need to have a report set up to give me an analysis from netflow. I currently only see top talkers but would like it to show all IP users on the LAN. Spoke to support and they asked me to ask here.
  6. Todd Theoret

    Meraki - NetFlow

    Has LogicMonitor made any adjustments to support how Meraki sends NetFlow traffic?
  7. The current net flow reporting capabilities are very limited, even if the required net flow data will be delivered by the end devices. I.e. I'm trying to report all traffic for udp port 53 pointing to a specific device; or I'd like to combine search criteria, like a specific source and destination IP addresses using a specific port. All this information will be exported by the end devices to the net flow collector, but it's not possible to report or filter on this. Why not? This option would be very useful for analysing specific traffic between two locations, systems, etc. Today, we just get the top ten talkers and the top 20 flows... I.e. if roughly 60% of the traffic is outlined as "others" you'd like to get a chance to dive into this part of the overall traffic, correct?
  8. A suggestion to make Netflow more user friendly: translate port numbers using the IANA service names for port numbers. https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
  9. Please add option to enable or disable Netflow at group level, and then have it be applied to all child devices of a group. We have thousands of network devices.
  10. Todd Theoret

    NetFlow - Meraki MX100

    What needs to be tweaked to get NetFlow working on a Meraki MX100? The NetFlow v9 Template is failing due to missing fields. Both MX100 and LogicMonitor Collector are running the latest code. I have NetFlow running successfully on many ASAs so I am familiar with the overall NetFlow requirements. Thanks in advance for any assistance!
  11. Need support for IPFIX flows coming out of VMWARE v10. v10 does not use v5 or 9 flows.
  12. Support for Viptela Netflow monitoring using IPfix open standard
  13. Working through best practice of creating collector dashboards. The various data collecting tasks provide a wealth of info that can be customized as desired into widgets for such a dashboard. But there doesn't seem to be anything that can provide visibility into the underlying collector mechanisms (tasks, processes, thread, cpu, mem, etc) that support netflow operation. Would probably be nice to be able to see such info, and to be able to put it onto a collector dashboard, particularly since it's best to pipe netflow to a dedicated collector.
  14. Hi, The netflow report on instances is great but even though I spend the time naming the details of the sources, destinations and ports in the traffic tab, the report only shows IP addresses and port numbers which is unhelpful. Having the naming transferred to the report would be very beneficial. Thanks.