This guide tells you how to configure Netflow collection protocol which accepts events from Netflow v5 and Netflow v9. You use this protocol to accept events for security purposes, not for network performance purposes. This means that you should choose to accept events from select key strategic points in your network only (not everywhere).
How Netflow Collection Works
The Log Collector service collects events from Netflow v5 and Netflow v9.
The following figure illustrates how you deploy the Netflow Collection Protocol in Security Analytics.
Configure Netflow Collection Protocol in Security Analytics
You configure to the Log Collector to use Netflow collection for an event source in the event Source tab of the Log Collector parameter view. The following figure the basic workflow for configuring an event source for Netflow Collection in Security Analytics. Please refer to:
- Step 1. Configure Netflow Event Sources in Security Analytics for step-by-step instructions on how to configure events sources in Security Analytics that use the Netflow Collection protocol.
- References - Netflow Collection Configuration Parameters for a detailed description of each Netflow Collection Protocol parameter.
Configure Event Sources to Use Netflow Collection Protocol
You need to configure each event source that uses the Netflow Collection protocol to communicate with Security Analytics (see Step 2. Configure Netflow Event Sources to Send Events to Security Analytics ).