Search the Community

Showing results for tags 'netflow'.

Found 15 results

  1. The current net flow reporting capabilities are very limited, even if the required net flow data will be delivered by the end devices. I.e. I'm trying to report all traffic for udp port 53 pointing to a specific device; or I'd like to combine search criteria, like a specific source and destination IP addresses using a specific port. All this information will be exported by the end devices to the net flow collector, but it's not possible to report or filter on this. Why not? This option would be very useful for analysing specific traffic between two locations, systems, etc. Today, we just get the top ten talkers and the top 20 flows... I.e. if roughly 60% of the traffic is outlined as "others" you'd like to get a chance to dive into this part of the overall traffic, correct?
  2. I was wondering if the NetFlow reports for network devices show the total bytes sent/received for that device during the report period. My CSV has sections for top "x" items, but I'm not sure how to get the remaining "other" items in there. Maybe summing the QoS table will provide the total bytes in/out for the period?
  3. There have definitely been improvements in Netflow since I first started with LM, which I appreciate. However, the query mechanism is still quite rudimentary compared to free tools (like NfSen, for example). Please add an "advanced" query option where a tcpdump-style query can be created (and saved for later). As a bonus, PLEASE make it possible to have saved queries generate alerts over a specified timeframe.
  4. Hello! Our team is attempting to set up Netflow for SonicWall devices; unfortunately, there is little in the way of documentation on how to set up Netflow on these devices. Would anyone here have any insight that they would be willing to share in order to use LogicMonitor Netflow with SonicWall devices?
  5. Exporting Netflow from Linux with softflowd

     NetFlow is an industry standard network protocol for monitoring traffic flows across a network interface. It is used most commonly by devices like firewalls, routers, and switches, but some software packages make it possible to export Netflow data from a server operating system - in this case Linux (with softflowd) - to a Netflow collector (LogicMonitor) for traffic analysis.

     Ubuntu

     Documentation here:

     The following assumes you have an Ubuntu device in your portal which you can access with sudoer permissions. It also assumes Netflow has been enabled for the device and the collector in question.

     Install softflowd:

         sudo apt-get install softflowd

     Open /etc/default/softflowd for editing:

         sudo nano /etc/default/softflowd

     Set the value for INTERFACE and add the destination ip:port (<collectorIP>:2055) under OPTIONS. Other options are available, check the link above for full documentation.

         #
         # configuration for softflowd
         #
         # note: softflowd will not start without an interface configured.

         # The interface softflowd listens on. You may also use "any" to listen
         # on all interfaces.
         INTERFACE="eth0"

         # Further options for softflowd, see "man softflowd" for details.
         # You should at least define a host and a port where the accounting
         # datagrams should be sent to, e.g.
         # OPTIONS="-n"
         OPTIONS="-n <collectorIP>:2055"

     Save your changes by pressing Ctrl-O, then exit nano by pressing Ctrl-X.

     Restart softflowd.

         sudo service softflowd restart

     Add a rule to the firewall to allow traffic on 2055.

         sudo ufw allow 2055

     CentOs

     This is a bit more work since you can't just install a package; you'll need to download the source and compile. Most of the information here comes from More good info:

     Check to see if you have the compiler installed.

         which gcc

     If you don't get /usr/bin/gcc as the response, you'll need to install it.

         sudo yum install gcc

     Install libpcap-devel (you'll need this to compile softflowd).

         sudo yum install libpcap-devel

     Download the softflowd source.

         wget

     Make sure you're in the directory where you saved the download, then untar the downloaded source files.

         tar -xzvf softflowd-0.9.9.tar.gz

     Switch to the softflowd directory, then run the commands to compile and install it.

         cd softflowd-0.9.9
         ./configure
         make
         make install

     Now we want to have softflowd start when the system boots. We'll need to add a line to the end of /etc/rc.d/rc.local. Use your device's interface after -i and your collector's IP address after -n.

         sudo nano /etc/rc.d/rc.local

         <add the following line to the end of the file>
         /usr/local/sbin/softflowd -i eth0 -n <collectorIP>:2055

     Save your changes with Ctrl-O, exit nano with Ctrl-X.

     Make sure /etc/rc.d/rc.local is executable.

         sudo chmod +x /etc/rc.d/rc.local

     Open port 2055 in the firewall so the collector can receive the data.

         # softflowd sends NetFlow datagrams over UDP, so the port is opened for udp
         sudo firewall-cmd --zone=public --add-port=2055/udp --permanent

     Reboot the machine for all changes to take effect.

     *Original guide courtesy of @Kurt Huffman at LogicMonitor
  6. I would like to see the addition of Network Based Application Recognition (NBAR). LM should be able to ingest this as an available standard output of Flexible Netflow on applicable Cisco devices. This can be seen here : Deep packet payload inspection allows easier identification of the types of services and applications operating on the network. Thanks!
  7. I need to have a report set up to give me an analysis from netflow. I currently only see top talkers but would like it to show all IP users on the LAN. Spoke to support and they asked me to ask here.
  8. Has LogicMonitor made any adjustments to support how Meraki sends NetFlow traffic?
  9. A suggestion to make Netflow more user friendly: translate port numbers using the IANA service names for port numbers.
  10. Please add option to enable or disable Netflow at group level, and then have it be applied to all child devices of a group. We have thousands of network devices.
  11. What needs to be tweaked to get NetFlow working on a Meraki MX100? The NetFlow v9 Template is failing due to missing fields. Both MX100 and LogicMonitor Collector are running the latest code. I have NetFlow running successfully on many ASAs so I am familiar with the overall NetFlow requirements. Thanks in advance for any assistance!
  12. Need support for IPFIX flows coming out of VMWARE v10. v10 does not use v5 or 9 flows.
  13. Support for Viptela Netflow monitoring using IPFIX open standard
  14. Working through best practice of creating collector dashboards. The various data collecting tasks provide a wealth of info that can be customized as desired into widgets for such a dashboard. But there doesn't seem to be anything that can provide visibility into the underlying collector mechanisms (tasks, processes, threads, cpu, mem, etc) that support netflow operation. Would probably be nice to be able to see such info, and to be able to put it onto a collector dashboard, particularly since it's best to pipe netflow to a dedicated collector.
  15. Hi, The netflow report on instances is great, but even though I spend the time naming the details of the sources, destinations and ports in the traffic tab, the report only shows IP addresses and port numbers, which is unhelpful. Having the naming transferred to the report would be very beneficial. Thanks.