This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

netflow behavior

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

netflow behavior

Go to solution
Roby_Sreejith
L4 Transporter

‎07-05-2018 07:53 AM

Is the session is long live ( some applications like nfs,panorama) will start and last till 1 month.

As we have configured log at session end, the log entry will be created once the session is ended.

However we have configured netflow as well.

Netflow is also reporting data to netflow server once the session ended on firewall ( which is 1 month later)

Is this beghavior correct for netflow, I was think it used to report every session information based on interval configured which around 30 min.

We are getting this information on netflow only after session ends. This is affecting for long duration sessions like 1 month.

Is there any parameters to tweak this behavior

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
gwesson
L7 Applicator

‎07-05-2018 02:40 PM

That is expected behavior.

 

Before the session ends, the values for things like duration and bytes would not be accurate later if you needed to investigate a particular flow. There wouldn't be an easy way to do delta calculations on the same session since that would require keeping a table of the various active sessions that were still active before, which would probably too much overhead.

 

You're right in that there is a delta reporting for your configured interval, but that serves to buffer requests and provide cadence. Since the session still didn't end in that interval, the firewall won't use that session until it is actually completed.

View solution in original post

1 REPLY 1

Go to solution
gwesson
L7 Applicator

‎07-05-2018 02:40 PM

That is expected behavior.

 

Before the session ends, the values for things like duration and bytes would not be accurate later if you needed to investigate a particular flow. There wouldn't be an easy way to do delta calculations on the same session since that would require keeping a table of the various active sessions that were still active before, which would probably too much overhead.

 

You're right in that there is a delta reporting for your configured interval, but that serves to buffer requests and provide cadence. Since the session still didn't end in that interval, the firewall won't use that session until it is actually completed.

  • 1 accepted solution
  • 3128 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks