Docs

Ingest NetFlow/sFlow via the NetoFlow Connector

Suggest Edits

Netography Fusion collects flow records from network devices, including routers, switches, firewalls, and any other device that can output NetFlow, sFlow, or IPFIX.

This page documents how to add NetFlow or sFlow to Fusion by deploying the NetoFlow Connector within your environment and pointing your network devices to that system. This creates a TLS-encrypted reliable API connection to Fusion for ingesting these records. If you want to directly point your network devices to the Netography Fusion SaaS ingest IP, see Directly ingest NetFlow/sFlow from network devices

For more details on NetFlow and sFlow and configuration tips, see: NetFlow and sFlow.

Steps to Ingest NetFlow/sFlow via the NetoFlow Connector

There are 3 steps involved in this process:

  1. Add a new Device traffic source in Fusion for each network device that will be sending NetFlow or sFlow
  2. Deploy NetoFlow Connector locally.
  3. Configure your network devices to export NetFlow or sFlow to the NetoFlow Connector.

1. Add device traffic sources in Fusion

Add a new traffic source in Fusion for each network device that will deliver NetFlow or sFlow to the NetoFlow Connector. If you do not know all the devices yet, you can proceed with the next steps and then come back and add them later.

Go to Settings, Traffic Sources, and click the Add a Traffic Source button in the Fusion Portal. Select Device from the list of Flow Sources on the Add Traffic Source page.

Add flow source from a network device

Add flow source from a network device

Fill out the Add Device configuration form. The Device Name, Sample Rate, and IP Addresses fields are required. All other fields are optional. The BGP configuration on the second screen is only required if you are using BGP in a response policy to do automated blocking and can usually be omitted.

2. Deploy NetoFlow Connector

For instructions on deploying and running the NetoFlow Connector locally, see: NetoFlow Connector Documentation.

3. Configure your network devices to export NetFlow or sFlow

You will now configure your network devices to send NetFlow to the IP and port you deployed NetoFlow to listen on in the previous step. Consult your network device documentation for the exact instructions on configuring it to export NetFlow or sFlow.

Updated 7 days ago