Selected tag: netflow analyzer

With NetFlow administration and configuration, there are always choices. This blog post will briefly introduce different protocols and their options, as well as real-world examples. Let's dive into two protocols being used today: NetFlow and sFlow.

We won’t discuss history but will instead jump right into the NetFlow protocol's current use and its differences. Currently,

Virtualization is ubiquitous in the IT world. However, with the ever-increasing complexity, we are faced with the fact that our old tools are insufficient nowadays. That is why we need to accustom ourselves to diverse types of NetFlow configuration. In this post, we will examine the case of Hyper-V, a hypervisor developed by Microsoft.

There are two types of Hyper-V

Usually, our customers configure NetFlow export directly on their devices (routers, switches, firewalls, etc). But in case the company policy (especially in Asian countries) prevents enabling export on devices, or if devices are not capable of exporting NetFlow data, we need to implement a NetFlow probe. There are paid probe software options available, however, we will focus on an open-source

NetVizura is a complex software composed of a few databases, Tomcat, and a lot of code, supported on Windows and numerous Linux distributions for AMD64 architecture. With the advent of 8GB RAM RPI 4, there have been numerous projects using this version in its implementation. Maybe the most famous would be ESXi on ARM with project Monterrey (we internally dominantly use Proxmox, while Xen and

The Elasticsearch upgrade process is somewhat straightforward. Download the upgrade, apply it, and then restart the Elasticsearch service. However, in NetVizura we are not using elastic-licensed Elasticsearch but apache-licensed installation. Elasticsearch doesn't deliver such a version in EXE or MSI flavor, therefore you can only download the zip file. To avoid ZIP and BAT file and registry

NoSQL databases differ in almost every aspect when compared to traditional RDBMS. While classic DBs (such as PostgreSQL) have, for example, dumps, Elasticsearch has the snapshotting capability that can be good in some cases but overwhelming in others.

In this blog post, we have covered two types of Elasticsearch backup - one is official and recommended, while the other one is more a

Elasticsearch is a NoSQL database, usually used as a search engine. However, with its powerful logic, it can be used for pretty much anything. In our case, we have used Elasticsearch to hold aggregated NetFlow data. As we are incorporating it step by step, currently Elasticsearch database is in the beta phase.

Elasticsearch holds data inside indices, which can be interpreted as a

Aruba is a global network company, a leader in Wi-Fi technology. Their most renowned merchandise are switches, which are purpose-built for the cloud, mobile and IoT. Users find Aruba CLI very comprehensible and its remarkably well designed GUI contains useful Dashboard and System Monitor.

Aruba switches support sFlow and great thing is that you don't need a lot

A flow in networking terms is a unidirectional set of packets containing common attributes (source and destination IP, ports, protocols, etc). By using a flow protocol (e.g. NetFlow, sFlow, IPFIX), network devices can gather information about these attributes and send assembled information to your collector.

Usually, a big concern is the load on exporters (router, switch, workstation)

Barracuda is one of the most famous security companies in the world. They have started as a spam-blocking hardware device company, but soon they have diversified their portfolio which is now comprised of numerous products, including renowed CloudGen Firewall. This firewall has two types of GUI - Web and Barracuda Firewall Admin console - with myriad of options for configuration and monitoring.