This topic describes the user interface for configuring Netflow Configuration.
Use this section when you are looking for descriptions of the Netflow Collection user interface and definitions of the features of the user interface.
To access the Netflow Collection Configuration Parameters:
- In the Security Analytics menu, select Administration > Services.
- In the Services grid, select a Log Collector service.
- Click under Actions and select View > Config.
- In the Log Collector Event Sources tab, select Netflow/Config from the drop-down menu.
The Netflow/Config view in the Event Sources tab has two panels: Event Categories and Sources.
Event Categories Panel
In the Event Categories panel, you can add or delete the appropriate event source types.
Available Event Sources Types Dialog
The Available Event Source Types dialog displays the list of supported event source types.
Use this panel to review, add, modify, and delete event source parameters for the event source type you selected in the Event Categories panel.
The following table provides descriptions of the toolbar options.
Add or Modify Source Dialog
In this dialog, you add or modify a file directory for the selected event source.
|Netflow Source Parameters||Lists the Netflow event source parameters populated with the default values. Enter or modify the appropriate values.|
|Cancel||Closes the dialog without adding a file directory or saving the parameter values for the selected file directory.|
|OK||In the Add Source dialog, adds the file directory and its parameters. In the Edit Source dialog, applies the parameter value changes for the selected file directory.|
Netflow Source Parameters
The following table provides descriptions of the source parameters.
|Port||Specify the port number configured for the Netflow event source.|
Security Analytics opens the 2055, 4739, 6343, and 9995 ports for Netflow by default. You can open other ports for Netflow if required.
|Enabled||Select the check box to enable the event source configuration to start collection. The check box is selected by default.|
|InFlight Publish Log Threshold|| |
Establishes a threshold that, when reached, Security Analytics generates a log message to help you resolve event flow issues. The Threshold is the size of the netflow event messages currently flowing from the event source to Security Analytics.
Valid values are:
Caution: Only enable debugging (set this parameter to On or Verbose) if you have a problem with an event source and you need to investigate this problem. Enabling debugging will adversely affect the performance of the Log Collector.
Enables/disables debug logging for the event source.
Valid values are:
This parameter is designed to debug and monitor isolated event source collection issues. The debug logging is verbose, so limit the number of event sources to minimize performance impact.
|Cancel||Closes the dialog without making adding an event source type.|
|OK||Adds the parameters for the event source.|