
SolarWinds NetFlow Traffic Analyzer Integration

briand

This blog will provide a detailed guide on how to integrate SolarWinds Orion with Plixer’s Scrutinizer. Before we get to the how of integration, we need to understand why we would want to do this in the first place. After all, SolarWinds already collects flow data…right?

By integrating Scrutinizer with any large-scale network monitoring system, there are 3 key gains I often reference: context, security, and scale.

Context:

Here’s the rub: if you look at any product that collects flow data, you’ll see a particular phrase somewhere in the product description: “Supports v5, v9, IPFIX, sFlow, J-Flow, etc.” If you’re new to flow technology, you may not realize that there is a key difference between ‘supports’ and ‘reports.’

More often than not, ‘support’ means the vendor will parse out legacy flow fields (e.g. NetFlow v5) and only ‘report’ on those—everything else is tossed out with the bathwater.

The problem? The collector is throwing away context! Scrutinizer reports on over 5000 unique elements within flow data. Historically, this depth of data could only be accessed with packet capture or network agents, yet details like jitter, packet loss, URL, and layer 7 application are all there in the flow exports. Integrating Scrutinizer with your NMS gives your organization access to them.

Security:

Integrating Scrutinizer with your SolarWinds install will add a layer of security to your network in two ways.

Proactively: Scrutinizer does pattern recognition on all flow data, which helps to detect a wide variety of unwanted traffic from malware to poor network hygiene. SolarWinds does not.

Forensically: Scrutinizer stores every single flow, so that when incident responders need the data, it’s there. Scrutinizer even tracks Missed Flow Sequence Numbers to ensure that everything being sent reaches the database.
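To show what tracking missed sequence numbers involves, here is an added example (not Plixer's code, and not a description of how Scrutinizer implements it) that detects lost flows from the `flow_sequence` counter in NetFlow v5 headers. It is narrowed to v5, the class and function names are hypothetical, and the datagrams are constructed samples.

```python
import struct

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48  # each v5 flow record is 48 bytes


def build_v5_packet(flow_sequence, count, engine_id=0):
    """Constructed sample datagram: a valid header plus zeroed flow records."""
    header = V5_HEADER.pack(5, count, 0, 0, 0, flow_sequence, 0, engine_id, 0)
    return header + bytes(V5_RECORD_LEN * count)


class SequenceTracker:
    """Hypothetical helper: counts flows lost per (exporter, engine_id)."""

    def __init__(self):
        self.expected = {}  # key -> flow_sequence the next datagram should carry
        self.missed = {}    # key -> total flows that never arrived

    def observe(self, exporter_ip, datagram):
        """Return the number of flows missed just before this datagram."""
        if len(datagram) < V5_HEADER.size:
            raise ValueError("truncated NetFlow v5 header")
        version, count, _, _, _, seq, _, engine_id, _ = V5_HEADER.unpack_from(datagram)
        if version != 5:
            raise ValueError("not a NetFlow v5 datagram")
        if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
            raise ValueError("record count does not match datagram length")
        key = (exporter_ip, engine_id)
        gap = 0
        if key in self.expected:
            # flow_sequence is a 32-bit counter of flows exported so far,
            # so compare modulo 2**32 to survive wraparound.
            gap = (seq - self.expected[key]) % 2**32
            if gap >= 2**31:
                gap = 0  # backwards jump: reordering or exporter restart, resync
        self.missed[key] = self.missed.get(key, 0) + gap
        self.expected[key] = (seq + count) % 2**32
        return gap


if __name__ == "__main__":
    tracker = SequenceTracker()
    for seq, count in [(100, 30), (130, 30), (190, 10)]:  # constructed: 160-189 lost
        lost = tracker.observe("192.0.2.1", build_v5_packet(seq, count))
        print(f"seq={seq} count={count} missed={lost}")
```

A non-zero missed count for an exporter means the stored flow record has holes for that period, which matters when it is later used as forensic evidence.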

Scale:

Over the years, the number of flows per second customers can generate has risen dramatically. The rise can be attributed to more devices being on the network, but it is also important to consider vendors like Gigamon, who can export extremely high rates of unsampled flow from core infrastructure.

Whatever the case, one thing remains true these days: if it’s slow, it’s broken. Integrating Scrutinizer with your NMS gives your engineering team an extremely scalable and fast solution that will continue to report on the latest and greatest that flow technologies have to offer.

With that out of the way, let’s tackle the integration. The first step is to navigate to Admin > Definitions > Third Party Integrations within your Scrutinizer installation.

From the Existing Integrations dropdown, select SolarWinds and change the IP address to that of your SolarWinds server. Make sure to uncheck ‘Disabled’ while you’re in there.

[Screenshot: Scrutinizer 3rd-Party Integration]

Next, head over to Admin > Settings > SolarWinds integration, fill out the form, and hit save. The API port will be prepopulated with the port SolarWinds uses.

[Screenshot: Scrutinizer SolarWinds integration]

From there, you’re good to go. SolarWinds NetFlow integration can now be easily accessed from within the Scrutinizer UI.

Do you want to take your SolarWinds installation to the next level? Please let us know so we can help you take advantage of everything flow exports have to offer.