| Table of Contents |
|---|
Overview
Dealing with NetFlow traffic analysis commonly involves large to huge amounts of data, which poses quite a few scalability challenges. Meeting these requires certain trade-offs to be made by any NetFlow analyzer, not just opFlow. This page documents the configuration options and behaviours related to making opFlow scale well.
...
| Code Block | ||
|---|---|---|
| ||
'opflow_summary_stages' => {
'quarterhr' => {
'collapse_min_bytes' => 1024,
'collapse_min_pkts' => 5,
'collection_size' => 1073741824,
'period' => 900
}
}, |
| configuration | Unit | Description |
|---|---|---|
| collapse_min_bytes | bytes | Collapse all conversations with less than X bytes of traffic in the whole period into one; set to zero/undef to disable |
| collapse_min_pkts | packets | or window by minimum number of packets. a match of either criterion will cause collapsing |
| collection_size | bytes | Collection capped size |
| period | seconds | Summary period |
Changing Summarisations
You can remove an existing summarisation from the configuration and restart the opflow daemon, you will need to drop the database collection manually once you are sure.
...
| Code Block |
|---|
service opflowd stop opflow-cli.exe act=setup-db service opflowd start |
Also, and this is worth noting, the daemon will create all the summaries when it starts, so depending on how much data is already present, this may increase the load on the server.
opFlow GUI Modes
The opFlow GUI in version 3 includes two different dashboard pages, one optimised for high-volume and one optimised for high precision.
...