Configure onetime data import using Netflow for testing purposes Configure and test Service Mapping discovery process based on data collected using the Netflow protocol. Before you begin Learn about Traffic-based discovery in Service Mapping. Role required: admin or sm_admin About this task In base systems, traffic-based discovery uses only TCP-related data collected with the help of the netstat and lsof commands. Discovery based on Netflow and VPC logs requires additional configuration. You can enrich your traffic-based discovery by configuring Service Mapping to use the Netflow protocol. For more information about the way Service Mapping to collect Netflow data, see Data collection and discovery using Netflow. For testing purposes, install the Netflow Collector (nfdump) on a Unix server inside your organization. In this case, this Unix server should be different from the server hosting the MID Server server. Configure the ServiceNow connector to trigger MID Server to collect the data from the flow log and processes it. Procedure Download and install the Netflow collector (nfdump) on a Unix or Ubuntu server inside your organization. For a Linux server, download, compile, and install the nfdump package. You can download the nfdump package from https://sourceforge.net/projects/nfdump/. For an Ubuntu server, install the nfdump package without predownloading or compiling it. Open the command-line window and run the following command:sudo apt-get install nfdump For an Ubuntu server, if the apt-get command fails, predownload the nfdump package, save it locally and then install it. Open the command-line window and run the following commands:sudo dpkg -i nfdump_1.6.15-3_i386.deb -sudo apt-get -f install Note: The file name for the nfdump package has the following format: nfdump_<version number> .deb. In this example it is nfdump_1.6.15-3_i386.deb. Configure the Netflow collector to save data for one day: Open the command-line window on the server hosting the Netflow collector. Create a cron job by using the following command: crontab -e Enter the following command using the correct paths: */10 * * * * /usr/local/bin/nfexpire -e /data/nfdump -t 1d Create a file with the nfdump data. For example, use the following command: nfdump -q -m -R /data/nfdump/ -o extended -t 2016/07/06.07:00:00-2016/07/06.07:10:00 'inet and proto tcp' >> /tmp/my_file If the file is very large, you can compress it using the gzip format. Use the following command: gzip /tmp/my_file Copy the nfdump data file to the MID Server. Configure Service Mapping to receive data collected by the Netflow collector: Navigate to Service Mapping > Administration > Flow Connectors. Click New. Click ndfdump file. On the dfdump file page, configure parameters as follows: Field Description Name A descriptive name for the connector. nfdump data path The path to a location on the MID Server to which you saved the nfdump data file in 5. MID Server The MID Server, onto which you copied the nfdump file. Gzipped file If you converted the nfdump file into the gzip format before saving it on the MID Server, set this parameter to true to unzip it. Click Submit. Verify that Service Mapping collects data using Netflow: On the nfdump file form, select the newly configured connector and click Run now to start the data collection flow and populate the Flow Connection [sa_flow_connection] table. Navigate to System Definitions > Tables. Click the Flow Connection [sa_flow_connection] table. Under Related Links, click Show List. Verify that the table contains data. What to do nextIf you are satisfied with the results of the test, configure Netflow-based data collection as described in Configure data collection using Netflow.