Blog :: Network Operations :: Security Operations

Exporting Server Statistics with IPFIX

There has been much hype concerning IPFIX since it was finally given the title as an IETF standard last month; if you want to read up more on the differences between NetFlow v9 and IPFIX see this blog titled “IPFIX vs. Netflow v9”. In this blog I want to go over just a few of the cool things you can report on by converting certain elements as IPFIX and sending them to your NetFlow collector.

Server Vital Statistics

One of the very helpful things you can do is convert system resource information as IPFIX and send it to your NetFlow collector. This allows you to report, with granular detail, on the vitals of mission critical servers that are residing on your network. As you can see from the image below, I am running a report to show me the amount of physical RAM/virtual RAM/the number of running processes and CPU utilization. After the report has run we can even setup alerts for notification  if utilization has gone over a certain limit for any period of time you specify, or even just have a PDF/CSV of the report be emailed to you every morning.

Server monitoring tool

Server flows tied to a process ID

Say one day you notice some performance issues on your network, and you are trying to narrow down the culprit, you find that a particular server’s flow rate increased exponentially and are trying to figure out what process is actually causing this. With IPFIX, we can export some key information to tie flow rate to a process ID. This further enhances the response time in handling network related performance problems. You can see from the report below we are running a netstat on a server that we are monitoring, from here we can see all of the listening ports/process ID’s and even a bit count.

IPFIX system monitoring

Export Windows Event Logs

As you can see from the image below, there are a lot of different reports that we can create using the information exported as IPFIX. Some of the ones in the image can even tie user names to specific events which gives you a forensic level of detail on what is happening and make network visibility that much greater.

Just look at all of the nice reports I created to report on Windows event logs and other network health statistics. The amount of information that can be converted and sent as IPFIX is already phenomenal and the technology is only going to go further. One thing to keep in mind is to make sure your NetFlow monitoring tool has the ability to handle all this juicy information.

windows event log reporting

If you need any help setting up these kinds of reports or have any questions on what other information we can export as IPFIX definitely feel free to let us know in support.