Export Netflow from Windows Server to LogicMonitor

Recommended Posts

  • LogicMonitor Staff

Exporting Netflow from Windows with FlowTraq Exporter

NetFlow is an industry standard network protocol for monitoring traffic flows across a network interface. It is used most commonly by devices like firewalls, routers, and switches, but some software packages make it possible to export Netflow data from a server operating system - in this case Windows - to a Netflow collector (LogicMonitor) for traffic analysis.


1.) Register for and download the free FlowTraq Exporter.

2.) Download WinPcap (Windows packet capture library).

3.) Install WinPcap on the server you wish to export Netflow data from.

4.) Install and configure Flowtraq Exporter on the server you wish to export Netflow data from.

  • - Select an interface from which to export Netflow data on the server.
  • - Point the Netflow export data to the LogicMonitor Collector that will be monitoring the device and ingesting the flow data.
  • - The LogicMonitor collector listens for Netflow on port 2055 out-of-box.

5.) Stop the Windows service "ProQueSys Flow Export."


6.) Edit the configuration file located at "C:\Program Files (x86)\ProQueSys\Exporter\flowexport.conf"

  • - Change the bit that says "nf9" to "nf5" to export Netflow in a compatible format.


7.) Start the Windows service 'ProQueSys Flow Export.'

8.) Make sure the device is in LogicMonitor and has Netflow collection enabled, pointing to the correct collector.

9.) Give LogicMonitor 5-10 minutes to start processing the flow traffic and soon you'll have some flow data on the device Traffic tab

Edited by Kerry DeVilbiss
bullet points
Link to post
Share on other sites
  • 6 months later...

Are there any trouble shooting steps? I have installed both Winpcap and confirmed it is running and getting traffic by using the winpcapdump. The Server has LogicMonitor installed on it so the Flow Exporter is pointing to local host port 2055 (default I think) and the collector is set to get netflow data, but no data is showing in the Traffic tab. Is there something else I can look at? Also I did change the config file to use nf5 and not nf9. I've also tried to change localhost in the file to the IP of the interface. 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.