Kerry DeVilbiss

Export Netflow from Windows Server to LogicMonitor


Exporting Netflow from Windows with FlowTraq Exporter

NetFlow is an industry standard network protocol for monitoring traffic flows across a network interface. It is used most commonly by devices like firewalls, routers, and switches, but some software packages make it possible to export Netflow data from a server operating system - in this case Windows - to a Netflow collector (LogicMonitor) for traffic analysis.

Instructions

1.) Register for and download the free FlowTraq Exporter.

2.) Download WinPcap (Windows packet capture library).

3.) Install WinPcap on the server you wish to export Netflow data from.

4.) Install and configure FlowTraq Exporter on the server you wish to export Netflow data from.

  • Select an interface from which to export Netflow data on the server.
  • Point the Netflow export data to the LogicMonitor Collector that will be monitoring the device and ingesting the flow data.
  • The LogicMonitor collector listens for Netflow on port 2055 out-of-box.

5.) Stop the Windows service "ProQueSys Flow Export."


6.) Edit the configuration file located at "C:\Program Files (x86)\ProQueSys\Exporter\flowexport.conf"

  • Change the bit that says "nf9" to "nf5" to export Netflow in a compatible format.

7.) Start the Windows service 'ProQueSys Flow Export.'

8.) Make sure the device is in LogicMonitor and has Netflow collection enabled, pointing to the correct collector.

9.) Give LogicMonitor 5-10 minutes to start processing the flow traffic and soon you'll have some flow data on the device Traffic tab.

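The check below is an added example, not part of the original post and not FlowTraq or LogicMonitor code: it reads the version field of each export datagram to confirm the exporter is really sending NetFlow v5 (the "nf5" setting from step 6) to port 2055, and decodes the v5 flow records. The sample datagram is constructed, and `listen` assumes nothing else on the host is already bound to the port.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def inspect_datagram(data):
    """Report the NetFlow version of one export datagram; decode flows if v5."""
    if len(data) < 2:
        return {"version": None, "flows": [], "error": "datagram too short"}
    version = struct.unpack_from("!H", data)[0]
    if version != 5:
        # A 9 here means the exporter is still sending nf9, not nf5.
        return {"version": version, "flows": [], "error": "not NetFlow v5"}
    if len(data) < V5_HEADER.size:
        return {"version": 5, "flows": [], "error": "truncated header"}
    count = V5_HEADER.unpack_from(data)[1]  # second header field is the record count
    if len(data) < V5_HEADER.size + count * V5_RECORD.size:
        return {"version": 5, "flows": [], "error": "truncated records"}
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "sport": f[9], "dport": f[10], "proto": f[13],
                      "packets": f[5], "bytes": f[6]})
    return {"version": 5, "flows": flows, "error": None}

def sample_v5_datagram():
    """Constructed sample: one TCP flow between documentation-range addresses."""
    header = V5_HEADER.pack(5, 1, 1000, 0, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(socket.inet_aton("192.0.2.10"),
                            socket.inet_aton("198.51.100.20"),
                            socket.inet_aton("0.0.0.0"),
                            1, 2, 10, 1200, 100, 900, 49152, 443,
                            0, 0x18, 6, 0, 0, 0, 0, 0, 0)
    return header + record

def listen(host="0.0.0.0", port=2055):
    """Print a one-line summary for every datagram arriving on the export port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))  # raises OSError if a collector already holds the port
        while True:
            data, peer = sock.recvfrom(65535)
            result = inspect_datagram(data)
            print(peer[0], "version", result["version"],
                  "flows", len(result["flows"]), result["error"] or "ok")

if __name__ == "__main__":
    print(inspect_datagram(sample_v5_datagram()))
    listen()
```

If nothing is printed while the exporter service is running, the datagrams are not reaching this host and port; if the version shows 9, the "nf5" change has not taken effect.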

Are there any troubleshooting steps? I have installed both WinPcap and confirmed it is running and getting traffic by using the winpcapdump. The server has LogicMonitor installed on it so the Flow Exporter is pointing to localhost port 2055 (default I think) and the collector is set to get netflow data, but no data is showing in the Traffic tab. Is there something else I can look at? Also I did change the config file to use nf5 and not nf9. I've also tried to change localhost in the file to the IP of the interface.

