On Wed, 2007-06-06 at 10:24 -0400, Jeff Fitzwater wrote: > New to list... > > Could anyone on this list help with the correct config for NETFLOW > EXPORT for version 9 on a CISCO 6500 with SUP-720-3B running 12.2.18-SXF. > > We are trying to export the flows to a "QRadar" device but the date > we are seeing does not come close to what we see with our MRTG data. I > understand that flows are not every packet but the flow data does > contain the count and QRadar can show the flows in bits per second and > packets per second. It appears that only routed (RP) flows are pushed > out, and according to the doc you don't need the MLS configs (SP/PFC)
You need: mls nde sender > for version 9. We also do not have bridged flows. All data is routed > except for some monitoring ports. > I could use version 5 but 9 has TCP connection info. > > > I have already discussed this with CISCO, but they never give me the > same answer twice. The doc is extremely confusing when it comes to the > 7203B running 12.2.18SXF version 5 or 9. > > Maybe it's working correct and I just don't know it. > ---------------------------- > > This is what I have setup.... > > > ip flow-cache timeout inactive 10 > ip flow-cache timeout active 5 > > Not sure about if the following is needed > ip flow ingress layer2-switched vlan 268,524-525,3553,4000-4001 > > > On all vlan interfaces I have the following... > ip route-cache flow You don't need that. You need: ip flow ingress ...on each VLAN interface. > > > > ip flow-export source Loopback2 > ip flow-export version 9 > ip flow-export template options export-stats > ip flow-export template options timeout-rate 1 > ip flow-export template timeout-rate 1 > ip flow-export destination "host IP" 2055 > ip flow-aggregation cache protocol-port > export version 9 > export template timeout-rate 1 > export destination "host IP" 2055 > enabled > > ------------------------------------------ > > > Thanks for any help. > > > Jeff Fitzwater > OIT Network Systems > Princeton University > > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
