Solved: "NetFlow for Splunk powered by NetFlow Integrator"...

SplunkFu · ‎02-26-2013

Hi there,

We are just looking at using Netflow for our Cisco ASA's rather than using syslog (networks request). However, we are experiencing issues with the "NetFlow for Splunk powered by NetFlow Integrator" App... We can see traffic for UDP/9995 being received by the hosting server. However we are not seeing any data in Splunk.

There are no errors in any of the app log files, or in Splunk log files

This is a standard installation of the app (i.e. standard install/config, accepted license) on a single server.

Is there any points that we can look into?

Thanks in advance.

dmiller2010 · ‎02-27-2013

The differences are as follows;

NetFlow for Splunk App

NetFlow Integrator is bundled with the App
NetFlow v5, v9
Conversion of NetFlow one to one

Ideal for less than 100 flow records per second

NetFlow for Splunk Essential App

NetFlow Integrator is bundled with the App
NetFlow v5, v9
Conversion of NetFlow with Consolidation - Consolidation greatly reduces the storage demands of NetFlow

Ideal for more than 100 flow records per second

NetFlowIntegrator Standard

NetFlow Integrator Software, Not an App
NetFlow v5, v9, PAN v9, NSEL
Conversion of NetFlow with Consolidation options
Rules
Watch Lists

Splunk Apps

Network Traffic Monitor for Standard
Network Device Monitor for Standard
Cisco ASA Monitor for Standard
Top Talkers Monitor for Standard

Let me know if that helps clarify the differences

View solution in original post

dmiller2010 · ‎02-27-2013

The differences are as follows;

NetFlow for Splunk App

NetFlow Integrator is bundled with the App
NetFlow v5, v9
Conversion of NetFlow one to one

Ideal for less than 100 flow records per second

NetFlow for Splunk Essential App

NetFlow Integrator is bundled with the App
NetFlow v5, v9
Conversion of NetFlow with Consolidation - Consolidation greatly reduces the storage demands of NetFlow

Ideal for more than 100 flow records per second

NetFlowIntegrator Standard

NetFlow Integrator Software, Not an App
NetFlow v5, v9, PAN v9, NSEL
Conversion of NetFlow with Consolidation options
Rules
Watch Lists

Splunk Apps

Network Traffic Monitor for Standard
Network Device Monitor for Standard
Cisco ASA Monitor for Standard
Top Talkers Monitor for Standard

Let me know if that helps clarify the differences

SplunkFu · ‎02-28-2013

That's great thanks.

dmiller2010 · ‎02-26-2013

The NetFlow for Splunk app does not support Cisco ASA NSEL, however, you can use our Standard Edition software available on our web site as a 30-Day free trial at: www.netflowlogic.com along with our most recent Splunk App - Cisco ASA Monitor available on Splunkbase at: http://splunk-base.splunk.com/apps/72686/cisco-asa-monitor-for-netflow-standard

You can install our software in minutes, begin converting NSEL into Syslog, and utilize the Cisco ASA Monitor App to gain immediate insights such as;

Top Bandwidth Consumers
Top Destinations
Top Violators
Top Connectors

Let us know if you have any questions, or require any assistance with configuration by contacting support at: https://netflowlogic.zendesk.com/home

SplunkFu · ‎02-27-2013

@dmiller2010, What is the difference with the integrator versions then?

"NetFlow for Splunk powered by NetFlow Integrator" not working correctly for Cisco ASA

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!