NetFlow Collector – Device42
Device42’s NetFlow Collector is a powerful tool used to add continuously discovered network communications details to the autodiscovered information from your environment.
Both the Device42 Remote Collector (RC) and the Standalone NetFlow Collector are available to collect NetFlow data. If you’re just now setting up your first Device42 collector, we recommend setting up an RC – you don’t need both – see Installation below.
Supported NetFlow Versions
Device42 supports NetFlow data in any of the following versions: v1, v5, v6, v7, v9, and IPFIX (an IETF-defined, open-flow standard).
Both the Device42 RC and the standalone NetFlow collector are available for downloaded on the autodiscovery tools download page at https://www.device42.com/autodiscovery/. Choose one or the other to get started. If you’re just now setting up your first Device42 collector, a Device42 Remote Collector is the recommended option (you don’t need both).
If you already have one or more Device42 remote collectors running, you may want to simply enable NetFlow collection on an existing RC instance; If this is the case, start with Step 2 in the next section.
Installing the Device42 RC for NetFlow Collection
- To install the Device42 Remote Collector for NetFlow collection, see the “RC Installation and Configuration” section of the Device42 RC documentation page. After installation, return to this page to complete NetFlow Configuration for your RC.
- Enable NetFlow collection on your newly installed Device42 RC from the Device42 main menu, Discovery –> Remote Collectors and clicking the ID of the Remote Collector you want to use for NetFlow collection:
- You should now be at the “View remote collector” screen. Click the “Edit” button in the upper-right hand corner to edit the options for your RC, and expand the section labeled “NetFlow Options” by clicking pm “Show”, as pictured:
- To enable NetFlow, Check the “Enable Netflow” checkbox [Labeled #1 below]. Choose a “Default Protocol” (either TCP or UDP, labeled #2 below] if you’ll be using one or the other (otherwise traffic without a protocol will be ignored). You may optionally configure IPs to ignore, ports to ignore, or a NetFlow Forwarding IP address by utilizing the other available options on this screen, but this will not be necessary for many setups. Choose “Save” in the lower-right hand corner [#3 below], and your RC is now configured for NetFlow collection!
- The final step is the ensure all your NetFlow generating devices are sending their NetFlows to the Device42 RC you just configured. If you haven’t configured that already, do that now. This procedure will differ depending on the hardware you are using. Consult the manufacturer’s directions for help should you need it.
Installing the Device42 Standalone NetFlow Collector
The Standalone NetFlow Collector doesn’t require any installation; it can simply be run from the command line.
Running the Standalone NetFlow Collector
To run the collector, open a command prompt and navigate to the directory it’s stored in. Run the collector as follows:
d42-netflow-collector-windows-v100.exe -h https://yourdevice42url -u D42UserName -p D42Password
This will start the listener on port 2055 (unless a different port is specified) and will begin collecting the data sent to this device from your NetFlow-enabled devices. Ensure you’ve pointed your switches and/or other NetFlow enabled devices you are using at this NetFlow collector. Each device’s NetFlow output should be the IP address of the server you have running the Device42 NetFlow collector.
Standalone NetFlow Collector Options
The following options are available to augment the behavior of
-addr string | netflow listen address (default "0.0.0.0:2055") -debug | show netflow info -h string | D42 host name -i int | interval in seconds between sends data to D42 (default 300) -ignore-ip string | ignore IPs -ignore-port string | ignore ports -live-entries | display live entries -live-entries-nok | display OK live entries -live-entries-ok | display NOK live entries -p string | D42 password -print-data | prints data -u string | D42 username
The NetFlow collector will capture and send data to Device42 in 5-minute increments [by default]. You may customize this interval using the -i command switch.
Device42 will attempt to associate the data it receives with known services (services known to Device42). If there are no services with which to associate the collected data, Device42 will retain one million rows of the most recent data, discarding the oldest information as needed. The data in this million-row buffer is matched against as new services are discovered.
Please contact Device42 today for a demo license. Email [email protected] to take NetFlow for a spin today!