Deployment Validation
The final phase of a successful deployment is confirming that your NetFlow Optimizer (NFO) instance is not only running but also actively receiving, processing, and outputting data. This health check ensures that your network exporters (routers, switches, firewalls) are correctly configured to reach the NFO host.
This guide should be followed after you have completed the software installation steps found in the NFO Installation Guide.
1. Service Status Verification
Before checking data flow, ensure the core services are active on your host.
Linux
Run the following command to check the status of the NFO Controller (Tomcat) and the Updater (EDFN):
systemctl status tomcat_nfo nfi_updd
Windows
Open Services.msc and verify that the following services are in the Running state:
NetFlow OptimizerExternal Data Feeder for NFO
2. Initial Data Ingestion Check
Log in to the NFO Web UI (https://<nfo-host>:8443) and navigate to the Status dashboard.
- Flow Rate (FPS): Look for the Flows Per Second counter. If this is at
0, NFO is not receiving traffic. - Active Exporters: Check the Exporters list. You should see the IP addresses of the network devices you configured to send NetFlow/IPFIX.
- EDFN Connectivity: Ensure the status indicator for the External Data Feeder is green. This confirms NFO can receive threat intel and GeoIP updates.
3. Verifying Enrichment and Output
To confirm NFO is successfully "shrinking" and enriching data before sending it to your SIEM:
- Enable a Test Module: Enable a Top Traffic Monitor Module.
- Check Output Statistics: Go to Status page and monitor the output rate to your destinations.
- Log Search: Search your SIEM or Data Lake for the
flowintegratorsource type (in Splunk) or the specific destination where you expect to find the NFO output.