Enabling and Configuring Modules
By default NetFlow Optimizer is preconfigured with one Module enabled -- Network Traffic and Device Monitor: 10067 Top Traffic Monitor. You may enable / disable the entire set or each Module by clicking on 
/ 
To configure Module parameters expand Module set 
and click on its’ name.
Configure Top Traffic Monitor Module Parameters
Logic Parameters
| Parameter Name | Description | Comments |
|---|---|---|
| Top N per exporter (0 for all traffic) | Specifies the number of top hosts reported per NetFlow exporter. Set to 0 to report all traffic. | Min: 0, Max: 100,000, Default: 50 |
| Enable(1) or disable (0) reporting by authoritative exporters only | If set to 1 (deduplication enabled), the Module reports flows only from authoritative exporters. | Default: 0 |
| Enable(1) or disable (0) reporting client port | If set to 1, the ephemeral client port number is reported. If set to 0, client port number is not taken into account for consolidation, and reported as 0. | Default: 1 |
| Enable(1) or disable (0) multiplying by sampling rate | If set to 1, when *flow is sampled (e.g. sFlow, sampled NetFlow/IPFIX), the sampling rate is used to multiply bytes and packets to report total traffic as statistical approximation. | Default: 0 |
| Default sampler rate | If sampling information is not available, use this rate to multiply bytes and packets to report total traffic as statistical approximation. | Default: 1 |
| Enable(1) or disable (0) reporting flow denied events. | If set to 1, enable reporting firewall denied flows. If set to 0, firewall denied flows are not reported | Default: 1 |
Data Consolidation Parameter
| Parameter | Description |
|---|---|
| Data collection interval, sec | Module logic execution interval, min = 5 sec, max = 86400 sec, default= 300 sec. During this time bytes and packets are summed up in in-memory database by source IP, destination IP, ports, and protocol. At the end of data collection interval the list of consolidated flows is sorted by bytes, and only top N records (1st parameter) are converted to syslog or JSON and reported |
Data Sets and Enrichment Parameters
| Parameter | Description |
|---|---|
| List of known server destination port numbers | List of server destination ports to be used to determine which host is a client and which is a server. If the list is empty, the server is the one with a smaller port number. This parameter is ignored for unidirectional flows. This parameter is pre-loaded with values from: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml |
See NetFlow Optimizer User Guide for more information on other Modules functionality and configuration.