Yuri Slobodyanyuk's blog on IT Security and Networking sharing experience and expertise

How to separate inbound and outbound data graphs in Nfsen Netflow tool

As I have said already (here and here), for gathering Netflow data, especially with security in mind, I deem Nfsen/nfdump to be the best. And with some easy 2-minute tweaking I can always make it do exactly what I want.
By default, when you configure a Cisco router to export both ingress and egress Netflow data from an interface, Nfdump/Nfsen will accept and process it fine BUT … will show both directions on the same timeline in the same color, so they overlap each other. That means you will see only the largest values. To fix it, create an additional profile (from Live) with separate channels, each representing one direction of the traffic: inbound or outbound. Then for each channel set the appropriate filter: IN for incoming traffic, OUT for outgoing traffic (both relative to the interface being monitored), followed by the SNMP ifIndex of the interface on the router. A picture is worth 1024 words, they say, so see the screenshots below for how I did it for one of my clients.

Nfsen custom profile with channels
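What the two channel filters select, as an added example that is not part of the original post: nfdump writes the interface filters as `in if <ifIndex>` and `out if <ifIndex>`, and the sketch below applies the same matching to constructed flow records. The ifIndex 3 and every record value are assumptions.

```python
from collections import defaultdict

SLOT = 300  # seconds; NfSen graphs traffic in 5-minute slots

# Constructed sample records: (unix_time, input_ifIndex, output_ifIndex, bytes).
# ifIndex 3 stands in for the monitored interface (an assumption).
FLOWS = [
    (0,   3, 7,   900_000),  # entered the router through ifIndex 3
    (60,  3, 8,   600_000),
    (120, 7, 3,   200_000),  # left the router through ifIndex 3
    (300, 7, 3, 2_500_000),
    (360, 3, 7,   400_000),
    (400, 8, 9, 5_000_000),  # never touched ifIndex 3
]

def matches(flow, direction, ifindex):
    """Same test as the nfdump filters 'in if N' / 'out if N'."""
    _, in_if, out_if, _ = flow
    if direction == "in":
        return in_if == ifindex
    if direction == "out":
        return out_if == ifindex
    raise ValueError("direction must be 'in' or 'out'")

def channel_series(flows, direction, ifindex):
    """Bytes per 5-minute slot for one channel of the profile."""
    series = defaultdict(int)
    for flow in flows:
        if matches(flow, direction, ifindex):
            series[flow[0] // SLOT * SLOT] += flow[3]
    return dict(series)

def overlaid(a, b):
    """What stays visible when two series share one colour: the larger value."""
    return {s: max(a.get(s, 0), b.get(s, 0)) for s in sorted(set(a) | set(b))}

if __name__ == "__main__":
    inbound = channel_series(FLOWS, "in", 3)
    outbound = channel_series(FLOWS, "out", 3)
    print("overlaid:", overlaid(inbound, outbound))
    print("inbound: ", inbound)
    print("outbound:", outbound)
```

In the first slot the overlaid view hides the 200,000 outbound bytes behind the inbound total, while the separate channels show both. An ifIndex that matches no record yields an empty series.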


1 Comment

  1. Thanks, this is very informative. I just did exactly as you did, but the graph is empty. What do you think is the issue? I have a working live profile.


© 2016 yurisk.info
