More and more flow exporting vendors are making the move to IPFIX and at Plixer, we feel that implementing RFC 5610 should be part of the decision.  The reason for this is because IPFIX is capable of exporting everything in NetFlow v5 as well as additional fields such as top multicast addresses, IPv6 addresses, packet lengths, MPLS labels, VLANs, MAC addresses and several other details and performance metrics that the vendor can decide on and even make up. Without RFC 5610, the IPFIX collector doesn’t know how to decipher these sometimes proprietary elements.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Syslogd is often used to turn machine messages or syslogs into events for further processing. Ultimately, alarms are generated which can trigger some type of notification.  The problem with the messages created by syslogd, is their nonstandard and loosely structured data format.  This post is about the end of Syslog and the evolution of IPFIX due largely to the fact that the data exported in IPFIX is highly structured.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

I just finished watching a video by Swasti Verma on the Avaya WLAN 8100 wireless controller IPFIX support and as a result I thought a blog on the Avaya 8100 IPFIX configuration was in order.  The configuration is pretty short, feel free to copy the commands below, edit them and paste them into your console.
Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Good news: Solera IPFIX support is available in our IPFIX reporting solution.  This is no surprise as Flow Analysis (NetFlow and IPFIX) continue to gain popularity in several key areas of many IT security programs:

• Data reconnaissance on the source or perpetrator of the threat (i.e. who did what to whom, when and where)
• Merge with other data sources to gain greater contextual information surrounding the details of the malware
• Host Reputation look ups

For those of you who need to get this setup fast, here are the instructions that we got from the documentation.
Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Is your engineering team trying to decide if you should be exporting NetFlow or IPFIX? This is the area of the technology where many first time vendors make mistakes. Implementing NetFlow or IPFIX is not difficult. But when programmers rely solely on RFCs as an implementation resource, the result is usually an export that many flow reporting vendors won’t support.  For this reason, this blog is largely dedicated to engineers who either want to export these technologies correctly or who need to troubleshoot what is wrong with an export they have been asked to look at.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Now that VMware vSphere ESX v5.1 supports IPFIX you may be wondering how to configure it; in fact, today I’m going to show you just that in a couple easy steps. VMware IPFIX support is a very exciting feature that will help with performance monitoring and can make virtual network management a lot easier to accomplish. Monitoring virtual servers has never been easier! Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Our Network security solution is a leader in cutting edge NetFlow collection innovation; here are top 13 features you should know about:

1. Chosen by Cisco to support their most innovative Flexible NetFlow technologies.  The “Medianet 2.2 Deployment Guide”   can be found on page 7,8,10 & 11.  We were the first to support Cisco Performance Monitoring (PfR) FnF exports which help secure that business related traffic receives priority. Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Introducing NetFlow and IPFIX

This article covers the benefits and capabilities provided by a new class of network monitoring technology called a NetFlow generator. But before we get too far into NetFlow generation details, let’s do a quick review of NetFlow itself for those that are new to the topic.

NetFlow and IPFIX are network monitoring technologies providing deep visibility into network traffic. NetFlow was originally developed by Cisco and later standardized into IPFIX by RFC 5101. Traditionally, NetFlow was included as a feature of routers, switches, firewalls, and other network devices. It’s even found in virtualization platforms such as VMWare’s vSphere 5.0 and above. Any device that can generate NetFlow packets is called an exporter. As packets travel through the exporter the device records information about the flow of traffic. Data elements such as packet count, source and destination IP, MAC address, and much more are stored in a memory resident data structure within the exporter called a cache. As the flows time out they are placed into a UDP datagram and sent across the network to a NetFlow Collector. The diagram below illustrates the process.

Once enabled NetFlow is used for a variety of network operations and security tasks including:

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Have you upgraded your Cisco ASA to version 8.4(5) for the latest and greatest security features and NetFlow (NSEL) enhancements from Cisco Systems? Well, if you have, you may have noticed that the NetFlow reporting broke.  Have no fear, we fixed this issue in Scrutinizer version 10.1 which is being released in a couple of days.  But, WAIT! There’s more!

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Many Network Management Solutions on the market lack support for sFlow, NetFlow and IPFIX reporting and threat detection.  If you are looking for EM7 NetFlow support, our NetFlow solution easily integrates with EM7 from ScienceLogic and we do it in 3 ways to provide the best network traffic monitoring solution.
Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!