Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents


Dealing with NetFlow traffic analysis commonly involves large to huge amounts of data, which poses quite a few scalability challenges. Meeting these requires certain trade-offs to be made by any NetFlow analyzer, not just opFlow. This page documents the configuration options and behaviours related to making opFlow scale well.


Code Block
	'opflow_summary_stages' => {
		'quarterhr' => {
			'collapse_min_bytes' => 1024,
			'collapse_min_pkts' => 5,
			'collection_size' => 1073741824,
			'period' => 900

collapse_min_bytesbytesCollapse all conversations with less than X bytes of traffic in the whole period into one;
set to zero/undef to disable
collapse_min_pktspacketsor window by minimum number of packets. a match of either criterion will cause collapsing

Collection capped size

periodsecondsSummary period

Changing Summarisations

You can remove an existing summarisation from the configuration and restart the opflow daemon, you will need to drop the database collection manually once you are sure.


Code Block
service opflowd stop
opflow-cli.exe act=setup-db
service opflowd start

Also, and this is worth noting, the daemon will create all the summaries when it starts, so depending on how much data is already present, this may increase the load on the server.

opFlow GUI Modes

The opFlow GUI in version 3 includes two different dashboard pages, one optimised for high-volume and one optimised for high precision.