Configuring NetFlow Export on VMware vCenter with ESXi

Modified on Tue, 12 Aug at 11:34 AM

Overview

This document describes how to integrate VMware vCenter with ESXi into ADR so that you get comprehensive visibility and proactive threat detection in your virtual environment. The vSphere distributed switch exports NetFlow records to the CCE (Collection and Control Engine), which forwards them to the APE (Analytics and Policy Engine). The steps below cover the NetFlow forwarding configuration on the vSphere side and how to verify that flows are arriving.


Prerequisite 

Launch the vSphere Client and log into a vCenter server system.


Steps to Forward Logs

  1. Log in to the vSphere Client and select the Networking inventory view.
  2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
  3. Navigate to the NetFlow tab.
  4. Type the IP address of the CCE as the NetFlow collector, and set the collector port to UDP 9995.
  5. Type the VDS IP address.


With an IP address assigned to the vSphere distributed switch, the NetFlow collector sees the distributed switch as a single exporting switch, rather than as a separate, unrelated switch for each ESXi host that participates in it.

  1. (Optional) Use the up and down menu arrows to set the Active flow export timeout and Idle flow export timeout.
  2. (Optional) Use the up and down menu arrows to set the Sampling rate.
    The sampling rate determines what portion of data NetFlow collects, with the sampling rate number determining how often NetFlow collects the packets. A collector with a sampling rate of 2 collects data from every other packet. A collector with a sampling rate of 5 collects data from every fifth packet.
  3. (Optional) Select "Process internal flows only" to collect data only on network activity between virtual machines on the same host.
  4. Click OK.
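The same NetFlow settings can be applied from VMware PowerCLI through the vSphere API instead of clicking through the vSphere Client, which is useful when you manage several distributed switches or want the configuration in version control. The script below is an added example and is not part of the original article; the vCenter address, switch name, CCE IP and VDS IP are placeholders that you must replace with your own values, and the timeout values are example settings rather than values the article prescribes.

```powershell
# Added example: configure NetFlow (IPFIX) export on a vSphere Distributed Switch with PowerCLI.
# All names and addresses below are assumptions/placeholders, not values from the article.
Connect-VIServer -Server 'vcenter.example.com'    # assumed vCenter address

$vdsName     = 'DSwitch-Prod'   # assumed name of the distributed switch
$collectorIp = '10.0.0.50'      # assumed CCE (NetFlow collector) address
$vdsIp       = '10.0.0.10'      # assumed VDS IP, so the collector sees one exporter, not one per host

$vds = Get-VDSwitch -Name $vdsName

# Steps 4 and 5 of the procedure: collector address/port and the optional tuning values.
$ipfix = New-Object VMware.Vim.VMwareIpfixConfig
$ipfix.CollectorIpAddress = $collectorIp
$ipfix.CollectorPort      = 9995     # the CCE listens for flows on UDP 9995
$ipfix.ActiveFlowTimeout  = 60       # example: seconds a long-lived flow runs before a record is exported
$ipfix.IdleFlowTimeout    = 15       # example: seconds of silence before an idle flow is exported
$ipfix.SamplingRate       = 0        # 0 = analyze every packet; N = analyze every Nth packet, as in the UI
$ipfix.InternalFlowsOnly  = $false   # $true would export only VM-to-VM traffic on the same host

# The spec must carry the switch's current config version, otherwise vCenter rejects the change.
$spec = New-Object VMware.Vim.VMwareDVSConfigSpec
$spec.ConfigVersion   = $vds.ExtensionData.Config.ConfigVersion
$spec.SwitchIpAddress = $vdsIp
$spec.IpfixConfig     = $ipfix

# Synchronous reconfigure; throws a terminating error if vCenter refuses the spec.
$vds.ExtensionData.ReconfigureDvs($spec)

# Read the settings back from vCenter to confirm what was actually applied.
$vds.ExtensionData.UpdateViewData('Config.IpfixConfig', 'Config.SwitchIpAddress')
$vds.ExtensionData.Config.SwitchIpAddress
$vds.ExtensionData.Config.IpfixConfig |
    Format-List CollectorIpAddress, CollectorPort, ActiveFlowTimeout, IdleFlowTimeout, SamplingRate, InternalFlowsOnly
```

Leave InternalFlowsOnly at $false unless you only want intra-host VM-to-VM traffic: setting it to $true drops flows that leave the host, which is most of the traffic a detection platform needs to see. The read-back at the end is the vCenter-side counterpart of the verification section below; it confirms the configuration was stored, while tcpdump on the CCE confirms the flows actually arrive.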


NetFlow is available on vSphere distributed switch version 5.0.0 and later.


Verification

Verification can be done either from the CCE Server or from the UI.


Using the UI

  1. Log in to the UI and go to System.
  2. Go to Log/Flow Collection Status.
  3. The exporting source appears under SOURCE DEVICE IP once flows have been received.


Using the CCE Server

Run this command on the CCE server to check whether flow packets are arriving on the collector port. Replace <IP address> with the source address the CCE sees for the flow packets (the same address that appears under SOURCE DEVICE IP in the UI); the filter matches only UDP 9995, which is the NetFlow port configured above:

sudo tcpdump -nn -i any udp port 9995 and host <IP address>

If nothing is captured, confirm that UDP 9995 from the ESXi hosts to the CCE is permitted by any firewall in between, and that the collector IP entered on the distributed switch is the CCE address.

