Cisco Systems OL-11399-01 manual NetFlow Export Source Groups

Page 27

Chapter 2 Using the NetFlow Collector User Interface

Configuration

The Filter editor is applet-based. A tree on the left hand side of the filter editor shows the elements of the filter. A form on the right hand side of the filter editor contains the attributes for the currently selected item in the tree.

The top item of the tree contains a unique identifier for the filter. Directly beneath the top of the tree is one filter condition or filter expression. Add the top-level filter condition or expression by selecting Add condition or Add expression when the top item is selected.

A filter condition performs an equality check on the output value of a key builder that is invoked for each flow. The type of a filter condition is either an integer condition, address condition, string condition, or nde-source condition. Depending on which condition type you select, only the key builders that produce that type of value can be selected. The nde-source condition checks the address of the device from which the flow originated.

When creating a filter condition, specify:

Whether the equality check is equals or not-equals

Which key builder creates the value to be checked

In addition, an address condition accepts an optional integer mask value that is applied to the address before the equality check is performed. If the mask field is left blank, no mask is applied.

Directly beneath the filter condition is one or more value or range items. These determine the set of target values to which the equality check is applied. Add a value or range to the filter condition by selecting Add value or Add range. For an integer condition, only integer values and ranges can be entered; only IP address values can be entered for address filter conditions. An nde-source condition accepts only IP address values. Note that ranges cannot be entered for string filter conditions, only single values.

Boolean logic is applied to two or more filter conditions using a filter expression. A filter expression can also appear within an expression in place of a filter condition.

To create a filter expression, specify the logical operator and, or, nand (not-and), or nor (not-or) and select Add expression. An expression must contain at least two other conditions or expressions.

The conditions and expressions within an expression are evaluated in top-down order. Evaluation performance for an expression can be optimized by placing conditions and expressions which are more likely to occur to the top. Select an item then select Move to move the item up until it reaches the top; selecting Move again cycles the item to the bottom.

Any item in the tree including the items beneath it can be removed by selecting Remove. Pressing the back button on the browser also causes any changes to be discarded.

Note Remove items with care since no cut, paste, or undo capability is provided. Changes are not committed until you select Update filter or Remove filter.

The symbol [ ! ] at the beginning of any item in the tree indicates that the configuration specified at that level of the tree is incomplete and must be updated before the filter can be added or updated.

NetFlow Export Source Groups

By default, flows are aggregated with other flows from the source address of the originating device. However, if multiple source addresses appear in one export Source Group, flows from these multiple sources are aggregated together.

Note The collector must be restarted for configuration changes to an existing source group to take effect.

 

 

Cisco NetFlow Collector User Guide

 

 

 

 

 

 

OL-11399-01

 

 

2-27

 

 

 

 

 

Image 27
Contents Nfc-hostname8080/nfc Opt/CSCOnfc/bin/nfcollector start allCustomizing the Cisco NetFlow Collector Interface Opt/CSCOnfc/bin/webconfig.shSetting Description Default Value File NFC Login WindowNavigation Cisco NetFlow Collector User Interface Login WindowConfiguration From this window you can access or configure the following Adding Aggregators AggregatorsAdd Aggregator Window Editing an AggregatorModify Aggregator Window ThresholdsFields NetFlow Export Field Window Key Builders10 Key Builders Window Attribute Description BGP AttributeBit Field BooleanByte Array Egress PE Customer NameInteger Ingress CEInteger Range Map Interface Snmp NameIP Address IP Address Range Map Mac AddressMasked IP Address Click Add condition Multi-Field MapSite Name Option DataValue Builders StringSubnet Address 12 Adding a Value Builder Flow Count Active TimeDirectional Sum End TimeSum Max Flow Byte RateRate Start TimeSum with Sampling Estimation Aggregation Schemes14 Modify Aggregation Scheme FiltersNetFlow Export Source Groups 16 NetFlow Export Source Groups NetFlow Export Source Access ListBGP Peer 18 NDE Source Access ListAdvanced GlobalReports Custom Reports Fields of the Custom Reports form are described in Table Field Value Description Single device . For Single device Combine devices , Separate devices , orAll Report TemplatesClick Save as Template Configuring Scheduled ReportsScheduled Reports Navigate Reports Custom Reports25 Scheduled Reports Window 26 Add Scheduled Report Opt/CSCOnfc/Reports/foo Default value is /opt/CSCOnfc/ReportsDaily Path /opt/CSCOnfc/ReportsDisplaying Scheduled Reports 27 Scheduled Reports Folder Reporting Features28 Sample Bar Graph Sorting and Graphing29 Sample Pie Graph TrendingExport and Print FilterDrill Down Control StatisticsHealth Monitor Statistics Port Statistics Opt/CSCOnfc/config/nfcmemSourceid V9 or enginetype and engineid Source Statistics37 Viewing Logs in Web-based UI LogsOL-11399-01