This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Netflow data - How often is it exported to a collector and..

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Netflow data - How often is it exported to a collector and..

LShelton
L1 Bithead

‎02-09-2016 06:05 AM

Our firewall is setup to export Netflow data to Nagios Network Analyzer.  We need to know:

 

a)  How often is data exported from the Palo Alto to the NNA collector, and

b)  How large are the packets sent from the Palo to the collector

 

Any ideas on where to find this information?

0 Likes Likes
7 REPLIES 7

pankaku
L5 Sessionator

‎02-09-2016 06:18 AM

The frequency of the net flow export can be configured by "Active Timeout" under the netflow profile.

 

Active Timeout is the frequency in minutes at which the firewall exports records (default is 5).

 

Check the following document:

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-Netflow-Server-Profile-...

0 Likes Likes

pankaku
L5 Sessionator

‎02-09-2016 06:20 AM

check the following admin guide for more information. In the PDF search for "NetFlow Monitoring"

 

https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os.html

 

 

0 Likes Likes

LShelton
L1 Bithead
In response to pankaku

‎02-09-2016 06:25 AM

Sweet thanks for that!!  When I first read that before posting it sounded like the Active Timeout was what I was looking for.  As for the size of the netflow data sent at the Active Timeout interval, is that the setting of "Packets" under "Template Refresh Rate?"

0 Likes Likes

pankaku
L5 Sessionator
In response to LShelton

‎02-09-2016 06:27 AM

Template Refresh Rate is different then the packet size. You can do pacps on the firewall to check the packet size.

 

Hope this helps.

0 Likes Likes

LShelton
L1 Bithead
In response to pankaku

‎02-09-2016 06:37 AM

So when the Palo sends the data to the collector every minute, it's just a single packet?

0 Likes Likes

pankaku
L5 Sessionator
In response to LShelton

‎02-09-2016 07:34 AM

Not sure about the size it may vary. Firewall may send multiple packets. Check the screenshot i have attached. The screenshot is from a firewall sending the netflow packets to netflow server.

NetFlow.png

0 Likes Likes

pankaku
L5 Sessionator
In response to LShelton

‎02-09-2016 09:50 AM

We can use the following command for some statististics:

 

 debug log-receiver netflow statistics

0 Likes Likes
  • 3716 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks