Help Docs

Configuring Flow Exports on Vyatta Routers

For NetFlow analysis, you need to configure your devices to export flows to Site24x7 On-Premise Poller, which is the NetFlow collector. The On-Premise Poller will be listening to the particular port to receive flows. Learn how to find the port number of your On-Premise Poller.

Follow the steps below to configure NetFlow exports on Vyatta routers:

  1. Set the NetFlow version.
    set system flow-accounting netflow version 9
  2. To export flows to the Site24x7, provide the IP address (of the machine on which Site24x7 On-Premise Poller is installed) as the flow destination and its listening port.
    set system flow-accounting netflow server <NFA server IP> port <Port #>
    Example: set system flow-accounting netflow server 192.168.0.1 port 9996
  3. Issue the following command for every interface you want to monitor:
    set system flow-accounting interface <interface name>
    Example: set system flow-accounting interface eth0
  4. Set the active flow timeout to 1 minute. By default this will already be set to 1 minute or 60 seconds.
    set system flow-accounting netflow timeout expiry-interval 60
  5. Vyatta flow accounting can be resource intensive when statistics are being collected on all received packets. The alternative is to turn on sampling where 1 packet is accounted for every N packets, N being the sampling rate.
    set system flow-accounting netflow sampling-rate N
    Example: set system flow-accounting netflow sampling-rate 500
  6. Set the other essential Vyatta flow accounting parameters using the follwing commands:
    set system flow-accounting netflow engine-id id (id values range between 0 – 255)
    set system flow-accounting netflow timeout max-active-life 604800
    set system flow-accounting netflow timeout flow-generic 3600
    set system flow-accounting netflow timeout tcp-fin 300
    set system flow-accounting netflow timeout tcp-generic 3600
    set system flow-accounting netflow timeout tcp-rst 120
    set system flow-accounting netflow timeout icmp 300
    set system flow-accounting netflow timeout udp 300

NetFlow configuration

system {


flow-accounting {


interface <ifname> { // Please apply this on all active interface


netflow {
 version 9 # Can use 5 or 9
 engine-id <u32> # 0-255
 server <Collector IP> {
 port 9996 # user configurable


}


timeout {


expiry-interval 60
 flow-generic 3600
 icmp 300
 max-active-life 604800
 tcp-fin 300
 tcp-generic 3600
 tcp-rst 120
 udp 300
 }
 }


}


}

sFlow configuration

system {


flow-accounting {


sflow {
 agentid <u32>
 server 192.168.1.1 { 
 port 9996 
 }
 }

Was this document helpful?

Would you like to help us improve our documents? Tell us what you think we could do better.


We're sorry to hear that you're not satisfied with the document. We'd love to learn what we could do to improve the experience.


Thanks for taking the time to share your feedback. We'll use your feedback to improve our online help resources.

Shortlink has been copied!