NetFlow Logic Documentation
NetFlow Logic Documentation
Home
Downloads
Free Trial
NetFlow Logic Documetation
NetFlow Optimizerâ„¢ (NFO) Overview
Core Products
NFO Installation Guide
NFO Administration Guide
Configure the Root SSH Password for the NFO Virtual Appliance
Configure the User Password for the NFO
Assign a Permanent License to NFO
Starting NetFlow Optimizer
Status
Configure Inputs
Configure Outputs
Starting and Stopping NetFlow Optimizer
Enabling and Configuring Modules
Datasets
Services
External Data Feeder for NFO (EDFN)
NetFlow Recorder
Output Options
Tracing and Configuration
User Management
Licensing
Server Configuration Parameters
NFO Server Settings for High-volume Processing (Linux)
Secure Connection Configuration (HTTPS)
High Availability Deployment
Copying NFO Configuration
Working with NFO Service
NFO User Guide
EDFN Installation Guide
EDFN Administration Guide
Release Notes
Integrations and Apps
NetFlow Analytics for Splunk
Integration with Splunk Enterprise Security
Integration with Elasticsearch
Network Metrics Content Pack for VMware vRealize Log Insight
Solutions
Cloud Application Visibility & Security
NetFlow-based DDoS Detection
V2P Network Visibility
FAQ
Frequently Asked Questions
SUPPORT
Troubleshooting Guide
Support Overview
Powered by GitBook

Enabling and Configuring Modules

By default NetFlow Optimizer is preconfigured with one Module enabled -- Network Traffic and Device Monitor: 10067 Top Traffic Monitor. You may enable / disable the entire set or each Module by clicking on / ​

To add or update a Module, click on ‘Upload’ button .

To configure Module parameters expand Module set and click on its’ name.

Configure Top Traffic Monitor Module Parameters

Parameter

Description

N – number of reported hosts

The number of top hosts reported per NetFlow exporter, min = 0, max = 100000, default = 50 (0 indicates all hosts are reported)

Enable(1) or disable (0) reporting by authoritative exporters only

This parameter enables de-duplication. If traffic between two hosts traverses several network devices, flow records about the same flow is received from each NetFlow exporters. If this option enabled, for each flow an authoritative flow exporter is selected, and flows records from other exporters are not reported. (1 – de-duplication is enabled, 0 – de-duplication is disabled)

Enable(1) or disable (0) reporting client port

If set to 1, the ephemeral client port number is reported. If set to 0, client port number is not taken into account when consolidating flow records, and reported as 0

Enable(1) or disable (0) multiplying by sampling rate

If set to 1, when *flow is sampled (e.g. sFlow, sampled NetFlow/IPFIX), the sampling rate is used to multiply bytes and packets to report total traffic as statistical approximation

Please note that NetFlow Analytics for Splunk App factors sampling on Splunk side, and this parameter should be set to 0

Default sampler rate

If sampling information is not available, use this rate to multiply bytes and packets to report total traffic as statistical approximation

Data collection interval, sec

Module logic execution interval, min = 5 sec, max = 86400 sec, default = 300 sec. During this time bytes and packets are summed up in in-memory database by source IP, destination IP, ports, and protocol. At the end of data collection interval the list of consolidated flows is sorted by bytes, and only top N records (1st parameter) are converted to syslog or JSON and reported.

List of known server destination port numbers

List of server destination ports to be used to determine which host is a client and which is a server

See NetFlow Optimizer User Guide for more information on other Modules functionality and configuration.

Previous
Starting and Stopping NetFlow Optimizer
Next
Datasets
Last updated 1 month ago