Installing the D42 Netflow Collector as a Service

The Device42 Netflow Collector

The Device42 Netflow collector is a self-contained, portable utility that allows collects netflow data, analyzes it, and sends it to your Device42 instance to enhance application dependency mapping discovery. The data Device42 gets from Netflow is used to augment data gathered via Device42’s other auto-discovery methods (e.g. SNMP, WMI / WinRM for Windows, SSH for Linux, etc.), producing a comprehensive map of your infrastructure including accurate details and important inter-relationships — and all of this without the need to configure expensive span or mirror ports!

Netflow Collector Architecture High Level Overview:

  1. The NetFlow exporter: Your network devices are the ‘source’ of NetFlow messages
  2. The NetFlow collector: Device42’s Netflow Collector [Download it here] serves as the receiver and pre-processor of NetFlow messages from your network devices
  3. The netflow analyzer: Device42 itself, which aggregates & analyzes Netflow messages from all of your NetFlow exporting devices

System Requirements

  • A Windows or Linux 64-bit Operating System
  • At least 6GB of RAM is recommended.

HowTo Install the D42 Netflow Collector as a Windows or Linux Service

To install D42Netflow as a service:

  1. Download and extract d42-netflow-collector-v200.zip from the Device42 autodiscovery download page, unzip it, and copy the 64-bit executable to the directory of your choice. For Windows 64-bit, c:program files is a good choice; for Linux, /usr/bin/ is commonly used. We renamed the 64-bit binary and copied it to “C:Program Filesd42-netflowd42-netflow64.exe”. [note: we do not recommend using the 32-bit binary due to RAM limitations inherent in 32bit]

  2. Ensure the Windows / Linux Firewall is allowing NetFlow traffic on port 2055/udp by opening your firewall control panel via start menu → Control Panel → System and Security → Windows Defender Firewall → Allow an app or feature through Windows Defender Firewall:

    Allow D42Netflow through Windows Firewall

On Linux:

$ sudo firewall-cmd --zone=public --add-port=2055/udp --permanent
$ sudo firewall-cmd --reload

Install the service

On Windows:
Run CMD as an administrator by typing ‘cmd’ into the start menu, right clicking, and selecting “Run as administrator”

In your administrative command prompt, run the following to register the downloaded netflow collector. Be sure to provide the full path to the binary, and for clarity, name the service “D42Netflow”:

![Head to Control Panel, Windows Defender Firewall](/home/device42/Desktop/images/installation/install-netflow-collector-service/Windows Defender Firewall.png)

Create D42Netflow Windows Service

    $ sc create D42Netflow binPath="c:pathtobinarywindows_x64.exe -h *ma_url* -u *username* -p *password* -i *Interval*" 

After executing the above, you can see your new service in the services control panel (services.msc):

See D42Netflow in services.msc

The CMD string parameters:

ServiceName = D42Netflow - the service will be registered with this name
binPath = path to binary
-h = URL of Device42 main appliance
-u = Device42 username
-p = Device42 password
-i = flow delivery interval to D42 MA in seconds (60 seconds is a good starting point)

On Linux / SystemD:
Create file /etc/systemd/system/netflow.service containing the following:

## SystemD

[Unit]
Description=NetFlow Service

[Service]
PIDFile=/tmp/netflow.pid
User=root
Group=root
WorkingDirectory=/opt/rc/services
ExecStart=/opt/rc/services/netflow -h https://ma.host.domain -u username    -p password -i 30
Restart=always

[Install]
WantedBy=multi-user.target
  1. You’re all set! Start the service:
    On Windows:
    Run service manger (services.msc), right click D42Netflow, and choose Properties. In the modal Window, you’ll likely want to set the ‘Startup Mode” to Automatic, and then press “Start” to start D42Netflow:
    Set D42Netflow service start as automatic

On Linux:

Set the service as executable:
$ chmod +x /opt/rc/services/netflow
Set the service to start automatically:
$ systemctl enable netflow
Start the service:
$ systemctl restart netflow