Child pages
  • Router basic configuration for opFlow
Skip to end of metadata
Go to start of metadata

Netflow Daemon Listening UDP Port

Since version 3 of opFlow the default listening port is the more-or-less standard port 9995; for instructing nfdump/nfcapd to use a different port see the opFlow 3 Installation Guide.
(In legacy version 2.x, a different flow collector was used, and the default port was 12345; instructions for changing that can be found in the opFlow 2.x Installation Guide.

Sample Cisco Netflow Configuration

The following is a basic Cisco Router configuration for telling the router to send Netflow data to the opFlow.

 

 

Sample Juniper J-Flow Configuration for SRX

J-FLow version 5 example (IPV4 only)

To keep things simple if you are only looking at IPV4 traffic then use Version 5 J-Flow example below.  As shown

 

 

J-FLow version 9

J-FLow version 9 supports other protocols such as IPV6 and MPLS .  To get good results we recommend you still only use a template for IPV4 with Version 9.  There are some subtle differences with the SRX models for the config so please refer to J-Flow SRX version 9 Config Examples

More Details on Configuring your Cisco Router

For reference: http://www.cisco.com/en/US/docs/ios/12_3t/netflow/command/reference/nfl_a1gt_ps5207_TSD_Products_Command_Reference_Chapter.html#wp1160995

I will discuss a very basic configuration.

On the interface you want to collect flow traffic from, add:

 

ip flow ingress
ip flow egress

 

Now that you have an interface setup to gather netflow information you have to tell the router to send it somewhere:

 

ip flow-export version 9
# replace the ip address in the following line with your VM's ip address
ip flow-export destination 192.168.0.10 12345

 

If you enable that configuration netflow traffic should now be sent to your VM.

By default netflow will send information about flows after they are finished, if you would like to see information more often you can set the flow-cache timeout, in minutes, so this will send flow info every minute (see the docs for more details):

 

ip flow-cache timeout active 1

 


opFlow will now be displaying your data!  Visit http://<vm_ip_address>/cgi-omk/opFlow.pl and take a look! (also make sure you have a license)

ps. Authentication info for Opmantek modules is the same as it is for NMIS, the default is:
username: nmis
password: nm1888 

For more information and help with opFlow see its community homepage 


  • No labels