NetFlow Optimizer
NetFlow Optimizer: Aggregates and transforms flow data (NetFlow, IPFIX) into actionable security and performance insights.
The following sections show you how to configure NetFlow Optimizer to send its log data to Axoflow.
CAUTION:
Make sure to set data forwarding on your appliances/servers as described in this guide. Different settings like alternate message formats or ports might be valid, but can result in data loss or incorrect parsing.
Prerequisites
- You have administrative access to NetFlow Optimizer.
- You have an AxoRouter deployed and configured with a Syslog connector that has parsing and classification enabled (by default, every AxoRouter has such connectors). This device is going to receive the data from NetFlow Optimizer.
- You know the IP address of the AxoRouter. To find it:
  - Open the Axoflow Console.
  - Select the Hosts or the Topology page.
  - Click on the AxoRouter instance that is going to receive the logs.
  - Check the Networks > Address field.
Steps
Note: The steps involving the NetFlow Optimizer user interface are provided for your convenience. For details, see the official documentation.
- Log in to NetFlow Optimizer.
- Select Outputs, then click the plus sign to add an output to NetFlow Optimizer.
- Configure a Syslog (UDP) output:
  - Name: Enter a name for the output, for example, Axoflow.
  - Address: The IP address of the AxoRouter instance where you want to send the messages.
  - Port: Set this parameter to 514.
- Click Save.
- Add the source to Axoflow Console.
  - Open the Axoflow Console and select Topology.
  - Select + > Source.
    - If the source is actively sending data to an AxoRouter instance, select Detected, then select your source.
    - Otherwise, select the vendor and product corresponding to your source from the Predefined sources, then enter the parameters of the source, like IP address and FQDN.

    Note: During log tapping, you can add hosts that are actively sending data to an AxoRouter instance by clicking Register source.
  - (Optional) Add custom labels as needed.
  - Select Create.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | netflow |
product | optimizer |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
flowintegrator | flowintegrator |