What is Network NetFlow monitoring?
NetFlow data is obtained by enabling the NetFlow, sFlow or Jflow protocol on routers and switches. Once activated, these devices send layer 3 and layer 4 information (IP addresses, TCP/UDP ports).
This package is designed to summarize NetFlow statistics collected for a single interface, in order to identify any suspicious host or application activity on the specified interface.
Application NetFlow monitoring
The nettrace-netflow package, based on collection made by the ServicePilot Agent, gets aggregated statistics for network flows. The ServicePilot Agent can collect NetFlow (v5, v9), sFlow or Jflow.
Aggregated statistics are provided for each monitored interface: Conversations, Bytes In/Out, Packets In/Out. These are calculated by summing all of the received flow packets for an interface. Depending on the flow protocol used, these values will either be representative of the total traffic passed through the interface or only representative of the samples that the flow protocol takes from the interface.
The ServicePilot Agent summarizes the flow data received to keep only the top 3 flows (conversations between the same IP addresses and port numbers) by volume of data transferred per minute. These conversation details are stored in a specific collection, "NetTrace", in order to provide advanced dashboards presenting the top consumers of bandwidth by host and application per monitored interface.
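The per-minute top-3 summarization described above, as an added example that is not ServicePilot's code: it assumes flow records are already decoded into tuples, treats both directions between the same IP/port pair as one conversation, and runs on constructed sample data. It shows that a low-volume conversation still counts toward the interface totals but is absent from the retained conversation details.

```python
from collections import defaultdict

TOP_N = 3  # the page states that the top 3 conversations are kept per minute

# Constructed sample flow records (not real traffic):
# (epoch_seconds, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    (1700000005, "10.0.0.5", 51000, "10.0.1.20", 443, 900_000),
    (1700000010, "10.0.1.20", 443, "10.0.0.5", 51000, 4_100_000),
    (1700000012, "10.0.0.7", 52000, "10.0.1.30", 445, 2_500_000),
    (1700000020, "10.0.0.8", 53000, "10.0.1.40", 22, 1_200_000),
    (1700000030, "10.0.0.9", 40000, "203.0.113.10", 53, 300),
    (1700000065, "10.0.0.9", 40001, "203.0.113.10", 53, 280),
]

def conversation_key(src_ip, src_port, dst_ip, dst_port):
    """Order the two endpoints so both directions map to one conversation
    (an assumption of this example about what a conversation is)."""
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    return (a, b) if a <= b else (b, a)

def summarize(flows, top_n=TOP_N):
    """Return {minute_start: {"total_bytes", "conversations", "top"}}."""
    per_minute = defaultdict(lambda: defaultdict(int))
    for ts, sip, sport, dip, dport, nbytes in flows:
        minute = ts - ts % 60  # bucket each record into its one-minute window
        per_minute[minute][conversation_key(sip, sport, dip, dport)] += nbytes
    summary = {}
    for minute, convs in per_minute.items():
        # Rank by bytes, largest first; break ties on the key for stable output.
        ranked = sorted(convs.items(), key=lambda kv: (-kv[1], kv[0]))
        summary[minute] = {
            "total_bytes": sum(convs.values()),  # every conversation counts here
            "conversations": len(convs),
            "top": ranked[:top_n],               # only these keep their detail
        }
    return summary

if __name__ == "__main__":
    for minute, s in sorted(summarize(SAMPLE_FLOWS).items()):
        print(minute, s["conversations"], "conversations,", s["total_bytes"], "bytes")
        for (a, b), nbytes in s["top"]:
            print(f"  {a[0]}:{a[1]} <-> {b[0]}:{b[1]}  {nbytes} bytes")
```

With sampled flow protocols, the byte counts fed into such a summary represent only the samples taken, so the ranking reflects sampled volume rather than total traffic.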