NetFlow Optimizer

The following sections show you how to configure NetFlow Optimizer to send their log data to Axoflow.

Prerequisites

• You have administrative access to NetFlow Optimizer.
• You have an AxoRouter deployed and configured with a Syslog (autodetect and classify) connector. This device is going to receive the data from NetFlow Optimizer.

• You know the IP address the AxoRouter. To find it:

  1. Open the Axoflow Console.
  2. Select the Hosts or the Topology page.
  3. Click on AxoRouter instance that is going to receive the logs.
  4. Check the Networks > Address field.

Steps

Note: The steps involving the NetFlow Optimizer user interface are just for your convenience, for details, see the official documentation.

1. Log in to NetFlow Optimizer.

2. Select Outputs, then click the plus sign to add an output to NetFlow Optimizer.

3. Configure a Syslog (UDP) output:

   • Name: Enter a name for the output, for example, Axoflow.
   • Address: The IP address of the AxoRouter instance where you want to send the messages.
   • Port: Set this parameter to 514.

   

4. Click Save.

5. Add the source to Axoflow Console.

   1. Open the Axoflow Console and select Topology.

   2. Select + > Source.

      • If the source is actively sending data to an AxoRouter instance, select Detected, then select your source.
      • Otherwise, select the vendor and product corresponding to your source from the Predefined sources, then enter the parameters of the source, like IP address and FQDN.

   3. (Optional) Add custom labels as needed.

   4. Select Create.

Labels

Axoflow automatically adds the following labels to data collected from this source:

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings: