This guide tells you how to configure Netflow collection protocol which accepts events from Netflow v5 and Netflow v9. You use this protocol to accept events for security purposes, not for network performance purposes. This means that you should choose to accept events from select key strategic points in your network only (not everywhere).
How Netflow Collection Works
The Log Collector service collects events from Netflow v5 and Netflow v9.
The following figure illustrates how you deploy the Netflow Collection Protocol in Security Analytics.
Configure Netflow Collection Protocol in Security Analytics
You configure to the Log Collector to use Netflow collection for an event source in the event Source tab of the Log Collector parameter view. The following procedure explains the basic workflow for configuring an event source for Netflow Collection in Security Analytics. Please refer to:
- Step 1: Configure Netflow Event Sources in Security Analytics for step-by-step instructions on how to configure events sources in Security Analytics that use the Netflow Collection protocol.
- References - Netflow Collection Configuration Parameters for a detailed description of each Netflow Collection Protocol parameter
- In the Security Analytics menu, select Administration > Services.
- Select a Log Collection service.
- Click under Actions and select View > Config to display the Log Collection configuration parameter tabs.
- Click the Event Sources tab.
- Select Netflow as the collection protocol and select Config.
- Click and select netflow as the event source category.
The event source category is part of the content you downloaded from LIVE.
- In the Event Categories panel, select netflow as the category, then click in the Sources panel.
- In the Add Source dialog, specify the basic parameters required for the Netflow event source.
- Click and specify additional parameters that enhance how the Netflow protocol hands event collection for the event source.
Configure Event Sources to Use Netflow Collection Protocol
You need to configure each event source that uses the Netflow Collection protocol to communicate with Security Analytics (see Step 2: Configure Netflow Event Sources to Send Events to Security Analytics).