Configure data collection using Netflow

Enable Service Mapping to perform discovery based on data collected using the Netflow protocol. This setup results in a fully automated data collection flow, where all involved components send, collect, and analyze data automatically.

Before you begin

Learn about Traffic-based discovery in Service Mapping.

Role required: admin or sm_admin

About this task

In base systems, traffic-based discovery uses only TCP-related data collected with the help of the netstat and lsof commands. Discovery based on Netflow and VPC logs requires additional configuration. You can enrich your traffic-based discovery by configuring Service Mapping to use the Netflow protocol. For more information about the way Service Mapping uses Netflow, see Data collection and discovery using Netflow.

Procedure

  1. Install the nfdump package on a server hosting the MID Server in your organization:
    • For a Linux server, follow the operational instructions at https://sourceforge.net/projects/nfdump/
    • For an Ubuntu server, open the command-line window and run the following command:

      sudo apt-get install nfdump

  2. Configure the Netflow collector to save the nfdump file in a specific directory.
    1. Open the /etc/init.d/nfdump file.
    2. Modify the parameter responsible for saving this file in the required location.
      For example, on an Ubuntu server, specify the location using the DAEMON_ARGS parameter:

      DATA_BASE_DIR="/var/cache/nfdump"

      DAEMON_ARGS="-D -l $DATA_BASE_DIR -P $PIDFILE"

    For operational information, refer to https://sourceforge.net/projects/nfdump/.
  3. Configure the switches to forward their nfdump files to the MID Server. By default, the destination is the MID Server IP address and port 9995.
  4. Configure the Netflow collector to save data for one day:
    1. Open the command-line window on the server hosting the Netflow collector.
    2. Create a cron job by using the following command:
      crontab -e
    3. Enter the following command using the correct paths:
      */10 * * * * /usr/local/bin/nfexpire -e /data/nfdump -t 1d
  5. Verify that the Netflow collector is configured correctly and receives the correct data from the network resources.
    1. Run the following command:
      nfdump -q -O tstart -R /data/nfdump/ -o extended
    2. In the command output, verify that marked fields contain real data:

      [Figure: Verification command output]
  6. Configure Service Mapping to receive data collected by the Netflow collector:
    1. Navigate to Service Mapping > Administration > Flow Connectors.
    2. Click New.
    3. Click nfdump install.
    4. On the nfdump install page, configure parameters as follows:
      Field                 | Description
      Name                  | A descriptive name for the connector.
      MID Server            | The MID Server on which you installed the Netflow collector.
      nfdump data directory | The data directory where you configured the Netflow collector to save the nfdump files.
    5. Click Submit.
  7. Verify that Service Mapping collects data using Netflow:
    1. On the nfdump install form, select the newly configured connector and click Run now to start the data collection flow and populate the Flow Connection [sa_flow_connection] table.
    2. Navigate to System Definitions > Tables.
    3. Click the Flow Connection [sa_flow_connection] table.
    4. Under Related Links, click Show List.
    5. Verify that the table contains data.
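
Steps 2, 4 and 6 each name the nfdump data directory, and the sample values differ (/var/cache/nfdump in step 2, /data/nfdump in step 4), so values copied as shown leave nfexpire managing a directory the collector does not write to. The following shell check is an added example, not ServiceNow or nfdump code; the function names, the temporary file names and the constructed sample inputs are assumptions for illustration.

```shell
#!/bin/sh
# Added example: confirm that the collector (-l in DAEMON_ARGS), the nfexpire
# cron job (-e) and the Flow Connector form all point at one directory.
# Files are read as text only; the init script is never sourced or executed.

# Print the -l directory from DAEMON_ARGS, expanding $DATA_BASE_DIR if used.
collector_dir() {
    base=$(sed -n 's/^[[:space:]]*DATA_BASE_DIR=//p' "$1" | tail -n 1 | tr -d "\"'")
    args=$(sed -n 's/^[[:space:]]*DAEMON_ARGS=//p' "$1" | tail -n 1 | tr -d "\"'")
    dir=$(printf '%s\n' "$args" |
        sed -n 's/.*-l[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p')
    case $dir in
        '$DATA_BASE_DIR'*) dir=$base${dir#'$DATA_BASE_DIR'} ;;
    esac
    printf '%s\n' "${dir%/}"
}

# Print the nfexpire -e directory from a saved crontab (comment lines skipped).
nfexpire_dir() {
    dir=$(grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*nfexpire[[:space:]].*-e[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' |
        tail -n 1)
    printf '%s\n' "${dir%/}"
}

# Args: init file, crontab file, connector directory.
# Returns 0 if all three agree, 1 on mismatch, 2 if any value is missing.
check_collector_paths() {
    capd=$(collector_dir "$1"); expire=$(nfexpire_dir "$2"); conn=${3%/}
    if [ -z "$capd" ] || [ -z "$expire" ] || [ -z "$conn" ]; then
        echo "MISSING: collector='$capd' nfexpire='$expire' connector='$conn'"; return 2
    fi
    if [ "$capd" != "$expire" ] || [ "$capd" != "$conn" ]; then
        echo "MISMATCH: collector='$capd' nfexpire='$expire' connector='$conn'"; return 1
    fi
    echo "OK: collector, nfexpire and connector all use $capd"
}

# Constructed sample inputs that copy the values shown in steps 2 and 4.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'DATA_BASE_DIR="/var/cache/nfdump"' \
        'DAEMON_ARGS="-D -l $DATA_BASE_DIR -P $PIDFILE"' > "$tmp/nfdump.init"
    printf '%s\n' '*/10 * * * * /usr/local/bin/nfexpire -e /data/nfdump -t 1d' \
        > "$tmp/crontab"
    check_collector_paths "$tmp/nfdump.init" "$tmp/crontab" /var/cache/nfdump; rc=$?
    rm -rf "$tmp"; return "$rc"
}
demo || true   # prints MISMATCH for the sample values
```

To check a live host, pass the init file, the output of crontab -l saved to a file, and the directory entered in the Flow Connector form.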