Device42 NetFlow Collector - Install as a Service
The Device42 NetFlow Collector
The Device42 NetFlow collector is a self-contained, portable utility that collects NetFlow data, analyzes it, and sends it to your Device42 instance to enhance application dependency mapping discovery. The data Device42 gets from NetFlow is used to augment data gathered via Device42’s other autodiscovery methods (for example, SNMP, WMI or WinRM for Windows, SSH for Linux), producing a comprehensive map of your infrastructure including accurate details and important inter-relationships without the need to configure expensive span or mirror ports!
Device42 Remote Collectors (RCs) include built-in NetFlow Collector functionality. Device42 recommends using the RC NetFlow Collector rather than the standalone collector if possible in your environment. For more information about the RC NetFlow Collector, see NetFlow Collector.
NetFlow Collector Architecture High-Level Overview:
- The NetFlow exporter: Your network devices are the 'source' of NetFlow messages
- The NetFlow collector: The Device42 NetFlow Collector serves as the receiver and pre-processor of NetFlow messages from your network devices
- The NetFlow analyzer: Device42 itself, aggregates and analyzes NetFlow messages from all your NetFlow exporting devices
System Requirements
- A Windows or Linux 64-bit operating system
- At least 6 GB of RAM is recommended
How To Install the Device42 NetFlow Collector as a Windows or Linux Service
To install Device42 NetFlow as a service:
- Download and extract
d42-netflow-collector-v200.zipfrom the Device42 Autodiscovery tools page, unzip it, and copy the 64-bit executable to the directory of your choice:- For Windows 64-bit,
c:program filesis a good choice. - For Linux,
/usr/bin/is commonly used. We renamed the 64-bit binary and copied it toC:Program Filesd42-netflowd42-netflow64.exe. We do not recommend using the 32-bit binary due to RAM limitations inherent in 32-bit.
- For Windows 64-bit,
- Ensure the Windows or Linux firewall allows NetFlow traffic on port 2055/UDP:
- On Linux, run the commands:
$ sudo firewall-cmd --zone=public --add-port=2055/udp --permanent
$ sudo firewall-cmd --reload- On Windows, open your firewall control panel under Control Panel > System and Security > Windows Defender Firewall and click Allow another app or feature through Windows Defender Firewall.
Install the Service
On Windows
Run CMD as an administrator by typing "cmd" in the start menu, right-clicking, and selecting Run as administrator.
In your administrative command prompt, run the following to register the downloaded NetFlow collector. Provide the full path to the binary and name the service "D42NetFlow" for clarity:
$ sc create D42NetFlow binPath="c:pathtobinarywindows\_x64.exe -h \*ma\_url\* -u \*username\* -p \*password\* -i \*Interval\*"
Where the string parameters are:
ServiceName: "D42NetFlow". The service will be registered with this name.binPath: Path to binary-h: URL of Device42 Main Appliance-u: Device42 username-p: Device42 password-i: Flow delivery interval to Device42 MA in seconds (60 seconds is a good starting point)
After executing the above command, you'll see your new service in the services control panel (services.msc):
On Linux Using systemd
Create a file /etc/systemd/system/netflow.service containing the following:
Click to expand the code block
## systemd
[Unit]
Description=NetFlow Service
[Service]
PIDFile=/tmp/netflow.pid
User=root
Group=root
WorkingDirectory=/opt/rc/services
ExecStart=/opt/rc/services/netflow -h https://ma.host.domain -u username -p password -i 30
Restart=always
[Install]
WantedBy=multi-user.target
Start the Service
On Windows:
- Run the service manager (services.msc)
- Right-click D42NetFlow
- Choose Properties
- In the modal window, set the Startup Mode to "Automatic"
- click Start to start D42NetFlow:
On Linux:
Run the following commands.
Set the service as executable:
$ chmod +x /opt/rc/services/netflow
Set the service to start automatically:
$ systemctl enable netflow
Start the service:
$ systemctl restart netflow