Welcome to docs.opsview.com

NetFlow

Opsview provides the ability to capture information about the nature of the traffic flows on a monitored network.

Terminology

  • Sources - this is a device that sends NetFlow/sFlow data, such as a router or a firewall. The source must be configured as a host in Opsview
  • Collectors - this is the monitoring server that is used to receive NetFlow/sFlow information from sources. The collector must be the Opsview master or any slave system

Views

Views are available from the Dashboard via the NetFlow dashlets:

Architecture

Opsview will rotate the NetFlow/sFlow data files every minute. Devices sending NetFlow/sFlow data should be set to cache timeout interval to 1 minute to ensure accurate statistics.

All data is stored in the filesystem and in the database as UTC.

Disk Partitions

We recommend you have a disk partition on /var/opt/opsview/netflow/ to separate NetFlow/sFlow data from other operating system usage on /var.

Note that you need to monitor disk usage as well as inode usage in this filesystem, as there will be a file generated every minute for each collector to summarise the NetFlow/sFlow usage.

Time Settings

Ensure that the time on the Opsview master, all collectors and all sources are synchronised, otherwise some NetFlow/sFlow statistics will be incorrect.

Getting Started

Make sure the user has the CONFIGURENETFLOW access for configuring and the NETFLOW access for viewing the dashlets.

  • Go to Settings ⇒ Flow Collectors
  • Add a new collector. Add the Application - Opsview NetFlow Common host template to each collector
  • Add a new source. You can get to the sources list by clicking on the Total Sources link in the collectors list page
  • Add the Application - Opsview NetFlow Master host template to the Opsview master host
  • Configure your network device (i.e. Cisco router) to send NetFlow/sFlow data to Opsview, i.e. add a line such as:
ip flow-export source Ethernet0/0
ip flow-export destination 192.168.12.70 9995
  • You now have to setup your sources to send to the collector. Ensure it uses the IP address specified when configuring the source. You should set the cache timeout interval to be 1 minute
  • Reload. Opsview will start collecting data

Notes for Multi-Tenancy Systems

NetFlow access is not available for multi-tenancy systems as it is possible to get information about hosts outside of your access list.

Navigation
Print/export
Toolbox