NetFlow support is available in LogPoint and requires the NetFlow Application to be installed. Once installed, it is available as a Fetcher and can be applied to Devices and/or Policy. NetFlow must be enabled on the sending device, and the device must send NetFlow to port 9001. This is usually a configurable option on the sending device.
Check under System/Applications and search for ‘netflow’ on your LogPoint system. If it’s not there, download the Application from the Help Center and upload it to the LogPoint server.
Help Center Application Download – select NetFlow Collector.
Download the file and save it locally.
On your LP System, go to Settings/System/Applications. Select ‘Import’ and upload the NetFlow Application.
The import process may take a few minutes to complete. Once it is installed, it is available for use.
Before enabling the NetFlow collector, it can be a good idea to create a dedicated Repo for NetFlow data. This also requires a Normalization Policy and a Routing Policy, tied together with a Processing Policy. The Normalization Policy must be created but can be blank, i.e. there is no need to select any Normalizers.
Once the Processing Policy is configured, you must modify your Device configuration in LP. Go to Settings/Configurations/Devices. For the device you want to add NetFlow support to, click the + sign on the right of the device screen. This opens the available Fetchers, where NetFlow should now be available.
Click the NetFlow Collector icon and select the Processing Policy that you just created. Save the change, and you should now be able to see the NetFlow logs when you search the NetFlow Repo.
An important note: there are no Raw Logs when collecting NetFlow. Everything is normalized by the NetFlow Collector Application, and all fields are placed into searchable tags.
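To check the path from an exporter to the NetFlow Repo before reconfiguring production devices, a test datagram can be sent to port 9001 from a host that is defined as a Device with the NetFlow fetcher. The script below is an added example, not LogPoint code: it assumes the collector accepts NetFlow version 5 over UDP, and the function names and sample flows are constructed for illustration.

```python
import socket
import struct
import time
COLLECTOR_PORT = 9001  # port the page says exporters must send NetFlow to
V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def build_v5_datagram(flows, uptime_ms=60_000, sequence=0, unix_secs=None):
    """Pack 1-30 flow dicts into one NetFlow v5 export datagram."""
    if not 1 <= len(flows) <= 30:
        raise ValueError("a v5 datagram carries between 1 and 30 records")
    secs = int(time.time()) if unix_secs is None else unix_secs
    header = V5_HEADER.pack(5, len(flows), uptime_ms, secs, 0, sequence, 0, 0, 0)
    zero_ip = socket.inet_aton("0.0.0.0")  # next hop left unset
    return header + b"".join(
        V5_RECORD.pack(
            socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]), zero_ip, 0, 0,
            f["packets"], f["octets"], uptime_ms - 1000, uptime_ms,
            f["sport"], f["dport"], 0, f.get("tcp_flags", 0), f["proto"], 0,
            0, 0, 0, 0, 0)  # AS numbers, prefix masks and padding unused
        for f in flows)

def parse_v5_datagram(data):
    """Decode a v5 datagram, rejecting truncated or mislabelled input."""
    if len(data) < V5_HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(data)[:2]
    if version != 5 or len(data) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("not a well-formed NetFlow v5 datagram")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
                      "packets": r[5], "octets": r[6], "sport": r[9],
                      "dport": r[10], "tcp_flags": r[12], "proto": r[13]})
    return flows

# Constructed sample flows using RFC 5737 documentation addresses.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.20", "sport": 51515, "dport": 443,
     "proto": 6, "tcp_flags": 0x1B, "packets": 12, "octets": 4096},
    {"src": "192.0.2.11", "dst": "198.51.100.53", "sport": 40000, "dport": 53,
     "proto": 17, "packets": 1, "octets": 72},
]

def send_test_flows(collector_ip, port=COLLECTOR_PORT):
    """Send the sample datagram over UDP and return the byte count sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(build_v5_datagram(SAMPLE_FLOWS), (collector_ip, port))
```

After calling `send_test_flows` with the LogPoint server's address, searching the NetFlow Repo for the sample addresses shows whether the datagram was collected and normalized.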