Skip to main content

NetFlow Collector - Device42

The Device42 NetFlow Collector is a powerful tool that adds continuously discovered network communications details to autodiscovered information from your environment.

Both the Device42 Remote Collector (RC) and the standalone NetFlow Collector can collect NetFlow data. If you're setting up your first Device42 collector, we recommend setting up an RC first because you don't need both.

The sections below detail installing the Device42 RC for NetFlow collection and installing the standalone NetFlow Collector.

Supported NetFlow Versions

Device42 supports NetFlow data for versions v1, v5, v6, v7, v9, and IPFIX (an IETF-defined, open-flow standard).

Installation

Download the Device42 RC or the standalone NetFlow collector from the Autodiscovery tools page at https://www.device42.com/autodiscovery/.

If you haven't set up a Device42 RC yet, we recommend installing the RC for Netflow collection. Proceed to Step 1 in the next section.

If you already have one or more Device42 remote collectors running, simply enable NetFlow collection on an existing RC instance. Proceed to Step 2 in the next section.

Install the Device42 RC for NetFlow Collection

  1. To install the Device42 Remote Collector for NetFlow collection, follow the RC Installation and Configuration instructions on the Remote Collector (RC) page. After installation, return to this page to complete NetFlow Configuration for your RC.

  2. Enable NetFlow collection on your newly installed Device42 RC from the Device42 main menu, under Discovery > Remote Collectors. Click the name of the RC you want to use for NetFlow collection.

    Select RCSelect RC

  3. From the View remote collector screen, click the Edit button in the upper right-hand corner. Scroll down to the NetFlow options.

    Edit RCEdit RC

  4. Configure the NetFlow options:

    • Check the Enable NetFlow checkbox.
    • Default Protocol: Choose TCP or UDP if you'll be using one or the other; otherwise, traffic without a protocol will be ignored.
    • You can optionally configure IPs to ignore, Ports to ignore, and an IP address to Forward netFlow traffic to, although these settings aren't necessary for many setups.
    • Click Save in the lower right-hand corner; your RC is now configured for NetFlow collection.
    Configure NetFlow optionsConfigure NetFlow options

  5. Finally, ensure all your NetFlow generating devices are sending their NetFlows to the Device42 RC you just configured. If you haven't configured that already, do that now. This procedure will differ depending on the hardware you are using. Consult the manufacturer's directions for help should you need it.

Install the Device42 Standalone NetFlow Collector

The Standalone NetFlow Collector doesn't require any installation; it can simply be run from the command line.

Run the Standalone NetFlow Collector

To run the collector, open a command prompt and navigate to the directory it's stored in. Run the collector as follows:

d42-netflow-collector-windows-v100.exe -h https://yourdevice42url -u D42UserName -p D42Password

This will start the listener on port 2055 (unless a different port is specified) and will begin collecting the data sent to this device from your NetFlow-enabled devices. Ensure you've pointed your switches and/or other NetFlow-enabled devices you are using at this NetFlow collector. Each device's NetFlow output should be the IP address of the server you have running the Device42 NetFlow collector.

Standalone NetFlow Collector Options

The following options are available to augment the behavior of d42-netflow-collector-windows-v100.exe:

Click to expand the code block
-addr string    |  netflow listen address (default "0.0.0.0:2055")
-debug          |  show netflow info
-h string       |  D42 hostname
-i int          |  interval in seconds between sends data to D42 (default 300)
-ignore-ip string   |  ignore IPs
-ignore-port string     |  ignore ports
-live-entries   |  display live entries
-live-entries-nok   |  display OK live entries
-live-entries-ok    |  display NOK live entries
-p string       |  D42 password
-print-data         |  prints data
-u string       |  D42 username

The NetFlow collector will capture and send data to Device42 in 5-minute increments by default. You may customize this interval using the -i command switch.

Device42 will attempt to associate the data it receives with services known to Device42. If there are no services with which to associate the collected data, Device42 will retain one million rows of the most recent data, discarding the oldest information as needed. As new services are discovered, data is matched against this million-row buffer.

Licensing

Please contact Device42 today for a demo license. Email support@device42.com to take NetFlow for a spin today!