2-27
Cisco NetFlow Collector User Guide
OL-11399-01
Chapter2 Using the NetFlow Collector User Interface Configuration
The Filter editor is applet-based. A tree on the left hand side of the filter editor shows the elements of
thefilter. A form on the right hand side of the filtereditor contains the attributes for the currently selected
item in the tree.
The top item of the tree contains a unique identifierfor the filter. Directly beneath the top of the tree is
onefilter condition or filter expression. Add the top-level filtercondition or expression by selecting Add
condition or Add expression when the top item is selected.
Afilter condition performs an equality check on the output value of a key builder that is invokedfor each
flow.The type of a filter condition is either an integer condition, address condition, string condition, or
nde-sourcecondition. Depending on which condition type you select, only the key builders that produce
thattype of value can be selected. The nde-source condition checks the address of the device from which
the flow originated.
When creating a filter condition, specify:
•Whether the equality check is equals or not-equals
•Which key builder creates the value to be checked
In addition, an address condition accepts an optional integer mask value that is applied to the address
before the equality check is performed. If the mask field is left blank, no mask is applied.
Directlybeneath the filter condition is one or more value or range items. These determine the set of target
values to which the equality check is applied. Add a value or range to the filter condition by selecting
Addvalue or Add range. For an integer condition, only integer values and ranges can be entered; only
IP address valuescan be entered for address filter conditions. An nde-source condition accepts only IP
address values. Note that ranges cannot be entered for string filter conditions, only single values.
Booleanlogic is applied to two or more filter conditions using a filter expression. A filterexpression can
also appear within an expression in place of a filter condition.
To create a filter expression, specify the logical operatorand,or,nand (not-and), or nor (not-or) and
select Add expression. An expression must contain at least two other conditions or expressions.
The conditions and expressions within an expression are evaluated in top-down order. Evaluation
performance for an expressioncan be optimized by placing conditions and expressions which are more
likely to occur to the top. Select an item then select Move to move the item up until it reaches the top;
selecting Move again cycles the item to the bottom.
Any item in the tree including the items beneath it can be removed by selectingRemove. Pressing the
back button on the browser also causes any changes to be discarded.
Note Removeitems with care since no cut, paste, or undo capability is provided. Changes are not committed
until you select Update filter or Remove filter.
Thesymbol [ !]at the beginning of any item in the tree indicates that the configuration specified at that
level of the tree is incomplete and must be updated before the filter can be added or updated.
NetFlow Export Source GroupsBy default, flows are aggregated with other flows from the source address of the originating device.
However, if multiple source addresses appear in one export Source Group, flows from these multiple
sources are aggregated together.
Note The collector must be restarted for configuration changes to an existing source group to take effect.