# Network NetFlow
This package is designed to summarize NetFlow statistics collected for a single interface, in order to identify any suspicious host or application activity on the specified interface.
The network-netflow package, based on collection made by the ServicePilot Agent, gets aggregated statistics for network flows. The ServicePilot Agent can collect NetFlow (v5, v9), sFlow or Jflow.
Aggregated statistics are provided for each monitored interface: Conversations, Bytes In/Out, Packets In/Out. These are calculated by summing all of the received flow packets for an interface. Depending on the flow protocol used, these values will either be representative of the total traffic passed through the interface or only representative of the samples that the flow protocol takes from the interface.
The ServicePilot Agent summarizes the flow data received to keep only the top 10 flows (conversations between the same IP addresses and port numbers) by volume of data transferred per minute. These conversations details are stored in a specific collection "IP Flow" in order to provide advanced dashboards presenting the top consumers of bandwidth by host and application per interface monitored.
NetFlow Collectionmust be configured and started on each NetFlow router.
It is necessary to ensure network connectivity between ServicePilot and the monitored device. In case of a network infrastructure with a firewall, the following flows must be opened:
UDP/2055 (NetFlow): Between NetFlow Router and ServicePilot Agent
- ServicePilot Manager minimum version: 8.5
- ServicePilot Agent minimum version: 8.5 installed and configured
Before adding a resource to monitor, make certain that all pre-requisites are in place and that ServicePilot Agent is communicating correctly with the ServicePilot Manager. Resources can be added to ServicePilot configuration using Views Configuration web interface
- As an administrative user of ServicePilot, open the ServicePilot web interface.
- Navigate to Administration. The Configuration > Views web page will open.
- Click on the view in which to place the new resource in the Views hierarchy on the left of the interface. The View editor section will show the existing view contents.
- From the Packages list on the right of the interface, click and drag the network-netflow package into the View editor and let go.
- The Resource properties dialog box will open to allow resource configuration.
- Click OK to close the Resource properties dialog box. Note that the dialog box will not close if required parameters are not set.
- Click Save to apply the new resource to ServicePilot configuration.
- Check if the object has been created in your map and that indicators are populated after a few minutes.
|Object Type||License object Consumed||Condition|
This package will also consume data in the IP Flow collection (Bytes/day part of the license).
Key field notes
- In the Policies tab, specify the policy or policies to apply to the resource
- Basic Parameters tab:
- Source IP address Router or Switch IP address, sending flow records.
- Source interface index: SNMP table index of the interface to monitor.
- Interface Speed Parameters tab:
- Speed In (bps): The incoming interface speed in bps used to enable in load calculation.
- Speed Out (bps): The outgoing interface speed in bps used to enable out load calculation.
- Agent access tab:
- Agent URL: Provide a link to the ServicePilot Agent Netflow live traffic web page. This link will be made available in the against the Netflow object in the ServicePilot Manager web interface.