Configure Outputs

You may add up to sixteen output destinations, specifying the format and the kind of data to be sent to each destination. Click on the ‘plus’ symbol to add data outputs.

NFO supports the following types of outputs:

  1. Type = Repeater (UDP): indicates that flow data received by NFO should be retransmitted to that destination, e.g your legacy NetFlow collector or another NFO instance

  2. Type = Syslog (UDP): indicates the destination where data is sent in syslog format

  3. Type = JSON (UDP): indicates the destination where data is sent in JSON format

  4. Type = ClickHouse: indicates the destination of your ClickHouse database

You can set filters for each output:

  1. Output filter = All: indicates the destination for all data generated by NFO, both by Modules and by Original NetFlow/IPFIX/sFlow one-to-one conversion

  2. Output filter = Modules Output Only: indicates the destination will receive data only generated by enabled NFO Modules

  3. Output filter = Original NetFlow/IPFIX only: indicates the destination for all flow data, translated into syslog or JSON, one-to-one. NetFlow/IPFIX Options from Original Flow Data translated into syslog or JSON, one-to-one, also sent to this output. Use this option to archive all underlying flow records NFO processes for forensics. This destination is typically Hadoop or another inexpensive storage, as the volume for this destination can be quite high

  4. Output filter = Original sFlow only: indicates the destination for sFlow data, translated into syslog or JSON, one-to-one. Use this option to archive all underlying sFlow records NFO processes for forensics. This destination is typically configured to send output to inexpensive syslog storage, such as the volume for this destination can be quite high

Please note that Repeater option allows you to specify the IP address, but not the destination port. This feature was designed so NFO can be "inserted" between NetFlow exporters and legacy NetFlow collectors. NFO will use the input port number and the exporter IP address when forwarding the original message received from the exporter.