Configuring flow export: Difference between revisions

From wiki.comcert.com
Jump to navigation Jump to search
VisualWikitext
(Created page with " == Introduction == Correct configuration of Flow Exporting Devices (FED) is key to Flow Bases Network Analysis. In many cases, errors made during configuration will result i...")
 
No edit summary
Line 2: Line 2:
== Introduction ==
== Introduction ==


Correct configuration of Flow Exporting Devices (FED) is key to Flow Bases Network Analysis. In many cases, errors made during configuration will result in missing data or duplicate data. This may be difficult to spot and compromizes all conclusions. Device vendors are not making it easy and most of them use a different methods on how to set-up network flow exports to the collector (in our case TVF or TVA).
Correct configuration of Flow Exporting Devices (FED) is key to Flow Based Network Analysis. In most cases, errors made during configuration will result in missing or duplicate data. It may be difficult to spot that because of this the flow data is compromized. Device vendors are not making it easy and most of them use different methods to enable network flow exports to the collector (in our case TVF or TVA).
 
Furthermore, some collectors require a special setting on FED in order to undersand its flow records correctly.


This article is trying to decribe the idea behind network flow reporting and we hope it will help you to determine the correct procedure on how to confgure your FEDs.
This article is trying to decribe the idea behind network flow reporting and we hope it will help you to determine the correct procedure on how to confgure your FEDs.


 
 
== Solution ==
=== Definitions ===
==== Flow ====
A ''flow'' is defined as a stream of packets between a given source and a given destination.
==== Flow record ====
A flow ''record'' is 
==== Sensor ====
A flow ''sensor'' is deployed on an interface basis. A flow sensor will "read" the packets going accross the interface and "compose" the flow record.

Revision as of 17:16, 14 January 2018

Introduction

Correct configuration of Flow Exporting Devices (FED) is key to Flow Based Network Analysis. In most cases, errors made during configuration will result in missing or duplicate data. It may be difficult to spot that because of this the flow data is compromized. Device vendors are not making it easy and most of them use different methods to enable network flow exports to the collector (in our case TVF or TVA).

Furthermore, some collectors require a special setting on FED in order to undersand its flow records correctly.

This article is trying to decribe the idea behind network flow reporting and we hope it will help you to determine the correct procedure on how to confgure your FEDs.

 

Solution

Definitions

Flow

flow is defined as a stream of packets between a given source and a given destination.

Flow record

A flow record is 

Sensor

A flow sensor is deployed on an interface basis. A flow sensor will "read" the packets going accross the interface and "compose" the flow record.

Retrieved from "https://wiki.comcert.com/index.php?title=Configuring_flow_export&oldid=2537"