Log Collection Netflow: The Basics

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1
 

This guide tells you how to configure the Netflow collection protocol, which accepts events from Netflow v5 and Netflow v9. You use this protocol to accept events for security purposes, not for network performance purposes. This means that you should accept events only from select key strategic points in your network (not everywhere).

How Netflow Collection Works

The Log Collector service collects events from Netflow v5 and Netflow v9.
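
Because only Netflow v5 and v9 are collected, it helps to confirm what an exporter actually sends before you add it as an event source. The following is an added example, not part of the RSA guide or product: a Python check that classifies a captured export datagram by its header, using the public v5 and v9 header layouts. The function names and sample datagrams are constructed for illustration.

```python
import struct

# Header layouts from the public NetFlow v5 and v9 (RFC 3954) export formats.
V5_HEADER = struct.Struct("!HHIIIIBBH")  # 24 bytes, network byte order
V5_RECORD_LEN = 48                       # fixed-size v5 flow record
V9_HEADER = struct.Struct("!HHIIII")     # 20 bytes, network byte order


def classify_datagram(data: bytes) -> dict:
    """Return the export version and key header fields, or raise ValueError."""
    if len(data) < 2:
        raise ValueError("datagram too short for a version field")
    (version,) = struct.unpack_from("!H", data)
    if version == 5:
        if len(data) < V5_HEADER.size:
            raise ValueError("truncated v5 header")
        _, count, _, secs, _, seq, _, _, _ = V5_HEADER.unpack_from(data)
        # v5 carries 1..30 fixed-length records; the length must match exactly.
        expected = V5_HEADER.size + count * V5_RECORD_LEN
        if not 1 <= count <= 30 or len(data) != expected:
            raise ValueError("v5 length does not match record count")
        return {"version": 5, "count": count, "export_secs": secs,
                "sequence": seq}
    if version == 9:
        if len(data) < V9_HEADER.size:
            raise ValueError("truncated v9 header")
        # v9 is template-based, so only the header is checked here.
        _, count, _, secs, seq, source_id = V9_HEADER.unpack_from(data)
        return {"version": 9, "count": count, "export_secs": secs,
                "sequence": seq, "source_id": source_id}
    raise ValueError(f"unsupported NetFlow version {version}")


def build_samples():
    """Constructed sample datagrams (zeroed payloads), not real captures."""
    v5 = V5_HEADER.pack(5, 2, 1000, 1469750400, 0, 42, 0, 0, 0) \
        + bytes(2 * V5_RECORD_LEN)
    v9 = V9_HEADER.pack(9, 1, 1000, 1469750400, 7, 256) + bytes(8)
    v1 = struct.pack("!HH", 1, 1) + bytes(12)  # a version that is not collected
    return v5, v9, v1


if __name__ == "__main__":
    for sample in build_samples():
        try:
            print(classify_datagram(sample))
        except ValueError as err:
            print("rejected:", err)
```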

Deployment Scenario

The following figure illustrates how you deploy the Netflow Collection Protocol in Security Analytics.

Netflow_Deployment.png

Configure Netflow Collection Protocol in Security Analytics

You configure the Log Collector to use Netflow collection for an event source in the Event Sources tab of the Log Collector parameter view.  The following procedure explains the basic workflow for configuring an event source for Netflow Collection in Security Analytics.  Please refer to:

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a Log Collection service.
  3. Click AdvcdExpandBtn.PNG under Actions and select View > Config to display the Log Collection configuration parameter tabs.
    ConfigNtflwProtocol1.png
  4. Click the Event Sources tab.
  5. Select Netflow as the collection protocol and select Config.
  6. Click Icon-Add.png and select netflow as the event source category.
    The event source category is part of the content you downloaded from LIVE.
  7. In the Event Categories panel, select netflow as the category, then click Icon-Add.png in the Sources panel.
  8. In the Add Source dialog, specify the basic parameters required for the Netflow event source.
  9. Click AdvcdExpandBtn.PNG and specify additional parameters that enhance how the Netflow protocol handles event collection for the event source.

Configure Event Sources to Use Netflow Collection Protocol

You need to configure each event source that uses the Netflow Collection protocol to communicate with Security Analytics (see Step 2: Configure Netflow Event Sources to Send Events to Security Analytics).
