Configuring Flow Collection
Configuring Destination FTP Servers for Flow Records
Flow collection destinations are where the compressed ASCII data files are sent after the cflowd records are collected and processed. To specify the destination FTP server, include the destinations statement at the [edit services flow-collector] hierarchy level. You can specify up to two FTP server destinations and include the password for each configured server. If two FTP servers are configured, the first server in the configuration is the primary server and the second is a backup server.
To configure a destination for flow collection files, include the destinations statement at the [edit services flow-collector] hierarchy level:
To specify the destination FTP server, include the ftp:url statement. The value url is the FTP server address for the primary flow collection destination and can include macros.
When you include macros in the ftp:url statement, a directory can be created only for a single level.
For example, the path ftp://10.2.2.2/%m/%Y expands to ftp://10.2.2.2/01/2005, and the software attempts to create
the directory 01/2005 on the destination FTP server. If
the 01/ directory already exists on the destination FTP
server, the software creates the
/2005/ directory one level down. If the 01/ directory does not exist on
the destination FTP server, the software cannot create the
/2005/ directory, and the FTP server destination
fails. For more information about macros, see ftp.
To specify the FTP server password, include the password “password” statement. The password must be enclosed in quotation marks. You can specify up to two destination FTP servers. The first destination specified is considered the primary destination.
Configuring a Packet Analyzer
You can specify values for the IP address and identifier of a packet analyzer to which the flow collector interface sends traffic for analysis. The values you specify here override any default values configured elsewhere.
To configure an IP address and identifier for the packet analyzer, include the analyzer-address and analyzer-id statements at the [edit services flow-collector] hierarchy level:
Configuring File Formats
You configure data file formats, name formats, and transfer characteristics for the flow collection files. File records are sent to the destination FTP server when the timer expires or when a preset number of records are received, whichever comes first.
To configure the flow collection file format, include the file-specification statement at the [edit services flow-collector] hierarchy level:
To set the data file format, include the data-format statement. To set the file name format, include the name-format statement. To set the export timer and file size thresholds, include the transfer statement and specify values for the timeout and record-level options.
For example, you can specify the name format as follows:
In this example, cFlowd-py69Ni69-0 is the static portion used verbatim, %D is the date in YYYYMMDD format, %T is the time in HHMMSS format, %I is the value of ifAlias, %N is the generation number, and bcp.bi.gz is a user-configured string. A number of macros are supported for expressing the date and time information in different ways; for a complete list, see the summary section for name-format.
Configuring Interface Mappings
You can match an input interface with a flow collector interface and apply the preset file specifications to the input interface.
To configure an interface mapping, include the interface-map statement at the [edit services flow-collector] hierarchy level:
To configure the default flow collector and file specifications for all input interfaces, include the file-specification and collector statements at the [edit services flow-collector interface-map] hierarchy level. To override the default settings and apply flow collector and file specifications to a specific input interface, include the file-specification and collector statements at the [edit services flow-collector interface-map interface-name] hierarchy level.
Configuring Transfer Logs
You can configure the filename, export interval, maximum size, and destination FTP server for log files containing the transfer activity history for a flow collector interface.
To configure a transfer log, include the transfer-log-archive statement at the [edit services flow-collector] hierarchy level:
To configure the destination for archiving files, include the archive-sites statement. Specify the filename as follows:
where cFlowd-py69Ni69-0 is the static portion used verbatim, %D is the date in YYYYMMDD format, and %T is the time in HHMMSS format.
You can optionally include the following statements:
filename-prefix—Sets a standard prefix for all the logged files.
maximum-age—Specifies the duration a file remains on the server. The range is 1 through 360 minutes.
Configuring Retry Attempts
You can specify values for situations in which the flow collector interface needs more than one attempt to transfer log files to the FTP server:
Maximum number of retry attempts
Amount of time the flow collector interface waits between successive retries
To configure retry settings, include the retry and retry-delay statements at the [edit services flow-collector] hierarchy level:
The retry value can be from 0 through 10. The retry-delay value can be from 0 through 60 seconds.