How eG Enterprise Performs NetFlow Monitoring

To intercept and process NetFlow records exported by NetFlow-enabled devices, eG Enterprise offers an eG NetFlow Collector. The collector runs as a Windows service. Once started, the collector service starts listening for NetFlow records on UDP port 9996 (by default). The NetFlow-enabled device in the target infrastructure should be configured to export NetFlow records to the collector. The collector receives these records, processes them, and stores the processed data in binary files.

To analyze and aggregate the data stored in the binary files, the eG external agent monitoring the NetFlow-enabled device serves as the eG NetFlow Analyzer/Aggregator/Collector. This agent periodically reads these binary files, pulls statistics on netflow, processes/aggregates these statistics on the basis of interfaces, sources, destinations, applications, conversations, sites, etc., and reports the aggregated data to the eG manager. The eG manager then stores this information in the eG database.

Figure 1 : How the eG NetFlow Collector Works

For a NetFlow-enabled device, the eG manager also presents real-time metrics on traffic and bandwidth in the eG monitoring console using a specialized NetFlow Device monitoring model. If abnormalities are spotted during netflow analysis, alerts are generated on this model.

Note:

eG Enterprise v6.3 (and above) supports collection of NetFlow v9 flow records from NetFlow-enabled devices (routers, switches, etc.).

 

To know how to configure NetFlow monitoring using eG Enterprise, refer to Setting Up NetFlow Monitoring .