Basic configuration of Netfflow and monitoring on Solarwind

[TigerDao]

basic configuration
Netflow and monitoring on Solarwind​

Model:

​

network flow Allows us to monitor which IP pairs are exchanging information and how many Mbps, rather than just looking at total traffic like SNMP on PRTG.

The format is as follows:

There are 2 types of netflow: V5 and V9, of which V9 is newer. Here I show the Netflow v9 configuration on a Cisco router and pushing traffic to a Solarwind server.

Cisco R2 Router:

Declare SNMP community: (the purpose is to let the server know the name of the device)


snmp-server community hainm RO


Download Solarwind Netflow software (30-day trial version):

2023 version:


NOTE: The version I installed often gave errors at first

If you have the same problem, please use my 2022 version:


After downloading, double-click to install (it will take about 20-30 minutes to complete).

After the installation is complete, access through the url localhost:8787 The interface will look like this: (Password you created earlier):

Declare Netflow on the router:


############NETFLOW STATEMENT##############

Traffic records Traffic record 1

Match ipv4 destination address

Match ipv4 source address

Match ipv4 protocol

Match ipv4 priority

Match ipv4 tos

Match ipv4 ttl

Match transfer destination port

Match transfer source port

Match application name

Match timestamp absolute monitoring interval start

Match flow direction

Match interface input

Match interface output

Match stream sampler

Collection counter bytes long

Collect counter packets

!

!


Flow exporter Exporter-1

Destination 192.168.200.10 ##Solarwind IP

Transport UDP 9996

!You can specify the source interface to connect to the server “source ethernete0/0”

!


flow monitor Traffic Monitor-1

exporter Exporter-1

cache timeout inactive 10 ##After 10 seconds, any flow without packets will be deleted

Cache timeout activity 60 ##After 60 seconds, all streams will be deleted

record. record Traffic record 1

!



Interface Ethernet 0/0

IP address 192.168.200.20 255.255.255.0

IP traffic monitoring Traffic Monitor-1 input. input

IP traffic monitoring Traffic Monitor-1 output.output






Solarwind Manifesto:

Add the router device to Solarwind:

Add node

Fill in the device’s IP and SNMP string parameters:

Click next to complete the next step. It will be ok when you see the node UP.

Change to port 9996 declared on the router (normally use 9996 for the netflow collector)

=================

Complete the basic declaration section of Traffic Monitoring

To view traffic, do the following:

You will see traffic like this:

======

displayed on router show traffic monitor FLOW-MONITOR-1 cache You will see traffic for the IP pair:

complete

Xem tiếp...