Netflow安装及数据导入

1.Netflow安装

上传ManageEngine_NetFlowAnalyzer_HighPerf_9862_64bit.bin

[root@Zabbix software]# chmod +x ManageEngine_NetFlowAnalyzer_HighPerf_9862_64bit.bin

[root@Zabbix software]# ./ManageEngine_NetFlowAnalyzer_HighPerf_9862_64bit.bin -console 

通过逐步提示完成安装

[root@Zabbix software]# cd /opt/ManageEngine/NetFlow/bin

[root@Zabbix software]#./linkAsService.sh  #将软件变更为系统服务

[root@Zabbix software]#./run.sh  # 启动服务

2.Netflow激活许可

3.网络设备流量导入配置

(1) cisco ASR1002-X Netflow配置

flow exporter NETFLOW-TO-ORION
destination 172.29.12.120
source GigabitEthernet0/0/2
transport udp 9996
export-protocol netflow-v5
!
!
flow monitor NETFLOW-MONITOR
exporter NETFLOW-TO-ORION
cache timeout inactive 10
cache timeout active 5
record netflow ipv4 original-input
!

!
interface GigabitEthernet0/0/2
ip flow monitor NETFLOW-MONITOR input

 (2) Cisco N3K Netflow配置

feature sflow
sflow sampling-rate 5000
sflow max-sampled-size 200
sflow counter-poll-interval 100
sflow max-datagram-size 2000
sflow collector-ip 172.16.186.201 vrf default source 172.16.9.9
sflow collector-port 9996
sflow agent-ip 172.16.186.1
sflow data-source interface Ethernet1/1-52
sflow data-source interface port-channel1

(3)Cisco ASA Netflow配置

flow-export destination DMZ 172.29.12.120 9996

access-list Netflow-Export extended permit ip any any

class-map NETFLOW
match access-list Netflow-Export

policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class NETFLOW
flow-export event-type all destination 172.29.12.120

snmp-server community easnmp
snmp-server enable traps

 (4)Cisco 1921router Netflow配置

ip flow-export version 5
ip flow-export destination 172.29.8.56 9996
!
interface g0/0/0
ip flow ingress
ip flow egress
interface g0/0/1
ip flow ingress
ip flow egress