This topic tells you how to configure the Netflow collection protocol.
Configure a Netflow Event Source
To configure a Netflow Event Source:
- Go to (Admin) > Services from the NetWitness Platform menu.
- Select a Log Collection service.
- Select > View > Config to display the Log Collection configuration parameter tabs.
Click the Event Sources tab.
- In the Event Sources tab, select Netflow/Config from the drop-down menu.
In the Event Categories panel toolbar, click .
The Available Event Source Types dialog is displayed.
Select the netflow event source type and click OK.
The newly added event source type is displayed in the Event Categories panel.
Select the new type in the Event Categories panel and click in the Sources toolbar.
The Add Source dialog is displayed.
Enter a port number in the Port field, and ensure the Enabled box is checked.
For details of other parameters, see Netflow Collection Parameters below.
- Click OK.
The new event source is displayed in the list.
Netflow Collection Parameters
The following table provide descriptions of the basic Netflow Collection parameters.
|Port||Specify the port number configured for the Netflow event source.|
NetWitness Platform opens the 2055, 4739, 6343, and 9995 ports for Netflow by default. You can open other ports for Netflow if required.
|Enabled||Select the check box to enable the event source configuration to start collection. The check box is selected by default.|
|Cancel||Closes the dialog without making adding an event source type.|
|OK||Adds the parameters for the event source.|
The following table provide descriptions of the advanced Netflow Collection parameters.
|InFlight Publish Log Threshold|| |
Establishes a threshold that, when reached, NetWitness Platform generates a log message to help you resolve event flow issues. The Threshold is the size of the netflow event messages currently flowing from the event source to NetWitness Platform .
Valid values are:
Enables or disables debug logging for the event source.
Valid values are:
This parameter is designed to debug and monitor isolated event source collection issues. The debug logging is verbose, so limit the number of event sources to minimize performance impact.