FastNetMon supports many different implementations of standard Netflow protocol:

  • Netflow v5
  • Netflow v9
  • IPFIX
  • Netflow Lite
  • Inline monitoring services

Also, it support many vendor specific implementations (list isn’t complete):

  • Netstream
  • jFlow
  • cFlow

You can enable Netflow plugin this way:

sudo fcli set main netflow enable

Specify port for Netflow capture (2055 is default port for Netflow protocol). You may add multiple ports if you prefer:

sudo fcli set main netflow_ports 2055

Then specify interface for listening (0.0.0.0 is default):

sudo fcli set main netflow_host 0.0.0.0

If your run any kind of firewall on your network or on server with FastNetMon itself you will need to allow traffic over ports you’ve added towards machine with FastNetMon.

FastNetMon could automatically extract sampling rate from Netflow v5, v9 and IPFIX but in some rare cases you should specify it explicitly

sudo fcli set main netflow_sampling_ratio 1
sudo fcli set main netflow_custom_sampling_ratio_enable enable

Also, you should carefully review your active and inactive timeouts from Netflow agent side and set them to smallest possible values which do not overload your hardware. Then you need to select maximum value from them and use it for average_calculation_time option in seconds. Without these changes FastNetMon could calculate traffic bandwidth incorrectly

sudo fcli set main average_calculation_time XXX

You can confirm that router uses correct flow duration using this command

sudo fcli show system_counters|grep duration

Apply changes and restart daemon:

sudo fcli commit

After this steps you need to configure Netflow / IPFIX on agent’s side (switch, router, server) to configured port.

We have detailed guides for following vendors:

If you’re unhappy with attack detection speed or traffic accuracy provided by IPFIX and Netflow protocols we can recommend checking this page about alternative options.

24/7 Tech Support

support@fastnetmon.com

Email Us

sales@fastnetmon.com