Selected tag: netflow analyzer

When we first adopted Elasticsearch as NetVizura’s primary datastore, we were working with version 6.8. Even back then, Elasticsearch proved to be a powerful and efficient solution for storing diverse data in a single index.

The move to version 7 marked a major step forward. It brought significant performance improvements and introduced syslog support, making our platform even more

The Raw Data submodule was an indispensable part of NetFlow troubleshooting, especially for cases where information couldn’t be found in the numerous charts and tables within NetVizura.

The main limitation of the current implementation was the handling of 1- or 5-minute files (depending on the aggregation period), which

With NetFlow administration and configuration, there are always choices. This blog post will briefly introduce different protocols and their options, as well as real-world examples. Let's dive into two protocols being used today: NetFlow and sFlow.

NetFlow

We won’t discuss history but will instead jump right into the NetFlow protocol's current use and its differences. Currently,

The OpenWrt Project is a Linux operating system that targets embedded devices. Instead of static firmware images, OpenWrt provides a filesystem with a package manager, similar to regular Linux systems. OpenWrt now supports numerous architectures, so you can install it on pretty much anything, even on hypervisors.

NetFlow configuration

For the NetFlow configuration, we will use

Nutanix is a cloud OS for Hyperconverged Infrastructure (HCI). It allows you to control from one place your entire IT infrastructure, with a simple interface and/or on smartphones. Nutanix is usually used as a private cloud infrastructure, where the whole stack - processing, data, virtualization, and network resources - is integrated into Nutanix. Since you are putting all your eggs in one

Virtualization is ubiquitous in the IT world. However, with the ever-increasing complexity, we are faced with the fact that our old tools are insufficient nowadays. That is why we need to accustom ourselves to diverse types of NetFlow configuration. In this post, we will examine the case of Hyper-V, a hypervisor developed by Microsoft.

Configuration

There are two types of Hyper-V

Since Ubuntu 16.04 is approaching its end-of-life (you can, of course, extend it with ESM though that's another story), there is a need to keep your system up-to-date. Unlike CentOS and Red Hat, which don't support in-place upgrades, Ubuntu (and Debian) support upgrading to the new LTS on-the-go.

Procedure

Before we start the upgrade procedure on the NetVizura server, we need

Usually, our customers configure NetFlow export directly on their devices (routers, switches, firewalls, etc). But in case the company policy (especially in Asian countries) prevents enabling export on devices, or if devices are not capable of exporting NetFlow data, we need to implement a NetFlow probe. There are paid probe software options available, however, we will focus on an open-source

NetVizura is a complex software composed of a few databases, Tomcat, and a lot of code, supported on Windows and numerous Linux distributions for AMD64 architecture. With the advent of 8GB RAM RPI 4, there have been numerous projects using this version in its implementation. Maybe the most famous would be ESXi on ARM with project Monterrey (we internally dominantly use Proxmox, while Xen and

OPNsense is an open-source, FreeBSD-based firewall distro. It provides a modern GUI and numerous plugins. A great plus is its ease of use, in contrast to some other open-source firewalls in the past. Also, OPNsense is a fork of Pfsense (we wrote about Pfsense, so check out that blog post as well - the link is below).

pfSense pfSense is a free network firewall distribution,