Update Input and Output

By default NetFlow Optimizer is preconfigured with one active data input port number 9995. To change the default data input port number or to add additional data inputs, follow the steps below.

Input Summary

By default NetFlow Optimizer is preconfigured with one active data input port number 9995. To change the default data input port number or to add additional data inputs, follow the steps below.

  1. Click on the ‘edit’ symbol to change the existing data input port

  2. Click ‘Save’

  3. Click on the ‘plus’ symbol to add additional data input ports

  4. Click ‘Save’

  5. Proceed to the next step

Output Summary

You may add several output destinations, specifying the kind of data to be sent to each destination.

NFO supports the following varieties of outputs:

  1. Type = Repeater: indicates that flow data received by NFO should be retransmitted to that destination, e.g your legacy NetFlow collector.

  2. Type = Syslog, Output = Modules Output only: indicates the destination for syslogs generated by NFO Modules. NetFlow/IPFIX Options from Original Flow Data translated into syslog, one-to-one, also sent to this output. Use this option for Splunk, VMware Log Insight, and other SIEM system.

  3. Type = Syslog, Output = Original NetFlow/IPFIX only: indicates the destination for Original Flow Data, translated into syslog, one-to-one. NetFlow/IPFIX Options from Original Flow Data translated into syslog, one-to-one, also sent to this output. Use this option to archive all underlying flow records NFO processes for forensics. This destination is typically Hadoop or another inexpensive storage, as the volume for this destination can be quite high.

  4. Type = Syslog, Output = Original sFlow only: indicates the destination for Original Flow Data, translated into syslog, one-to-one. Use this option to archive all underlying sFlow records NFO processes for forensics. This destination is typically configured to send output to inexpensive syslog storage, such as your rsyslog, syslog-NG, Elastic, or Hadoop cluster, as the volume for this destination can be quite high.

  5. Type = Syslog, Output = All: indicates both #2, #3 and #4 combined.

Please note that Repeater option allows you to specify the IP address, but not the destination port. This feature was designed so NFO can be "inserted" between NetFlow exporters and legacy NetFlow collectors. NFO will use the input port number and the exporter IP address when forwarding the original message received from the exporter.

To configure output destination:

  1. Click on the ‘plus’ symbol to add data outputs

  2. Enter the destination information for your data output

  3. Click ‘Save’

  4. Proceed to the next step