Netflow Collector Plugin - 5thColumn/Revolver-wiki-archive GitHub Wiki

The Netflow Collector plugin listens for incoming Netflow data from configured network devices and delivers it to BOSS. Recommended versions include:

  • v1
  • v5
  • v6
  • v7
  • v8
  • v9
  • ipfix

To configure:

  1. Log in to your Revolver instance and navigate to Manage Plugins.
  2. Select the arrow next to Netflow Collector to expand the section and see the fields required for configuration.
  3. Select a listener port (default is 2055). Note: The lowest port you can select is 2055.
  4. Select Configure.
  5. You will receive a notification that the plugin is in the process of being configured. After a few moments, you will receive a second notification that the plugin has been configured and is ready for use. Note: If you receive an error notice after configuring the plugin, select Configure again. If the error persists, contact the support team.
  6. Configure your firewalls using the following as a guide:

[ASA]

asa# conf t

asa(config)#

access-list Any_a extended permit ip any any

flow-export destination inside a.b.c.d 2055

! a.b.c.d is the Revolver IP

class-map Any_c

 match access-list Any_a

policy-map global_policy

 class Any_c

  flow-export event-type all destination a.b.c.d

asa(config)# exit

asa# wr

 

[FirePower]

FirePower is not sending Netflow to the Revolver.

FMC is controlling FirePower.

 

[Meraki]

These steps were taken from the internet, so if anyone has an exact configuration, please update them.

Navigate to Network-wide > Configure > General.

Search for the Reporting header.

Set NetFlow traffic reporting to "Enabled: send netflow traffic statistics".

For the NetFlow collector IP, enter the Revolver IP.

For the NetFlow collector port, select 2055.

Click Save.

 

[Fortigate]

Configuring the Netflow collector IP:

#config system netflow

set collector-ip <ipv4_addr>

set collector-port <port_int>

end

Enabling Netflow on the Interface:

#config system interface

edit <interface_name>

set netflow-sampler both

end

Ref: https://kb.fortinet.com/kb/documentLink.do?externalID=FD36460
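
A way to check the result of step 6, added here as an example and not part of the Revolver project: it reads the version field at the start of each export datagram, maps it to the supported list above, and reports any sender that is not an expected exporter. The function names and the sample addresses (documentation ranges) are constructed for illustration, and capture() assumes the listener port is free while it runs.

```python
import socket
import struct
from collections import Counter

# Version field (first two bytes of a datagram) -> supported-list name; IPFIX is 10.
SUPPORTED = {1: "v1", 5: "v5", 6: "v6", 7: "v7", 8: "v8", 9: "v9", 10: "ipfix"}

# Constructed sample datagrams (header prefix plus zero padding), not real captures.
SAMPLE = [
    ("192.0.2.10", b"\x00\x09\x00\x02" + bytes(16)),    # v9, count 2
    ("192.0.2.10", b"\x00\x0a\x00\x10" + bytes(12)),    # IPFIX, message length 16
    ("198.51.100.7", b"\x00\x03\x00\x01" + bytes(12)),  # version 3: not in the list
    ("192.0.2.10", b"\x00"),                            # truncated
]

def classify(datagram):
    """Return (label, count for v1-v9 or length for IPFIX); None if under 4 bytes."""
    if len(datagram) < 4:
        return None
    version, second = struct.unpack("!HH", datagram[:4])
    return SUPPORTED.get(version, "unsupported(%d)" % version), second

def summarize(packets, expected_exporters):
    """Count datagrams per (source IP, label); list senders not in the expected set.
    packets is a list of (source_ip, datagram_bytes)."""
    counts = Counter()
    for src, data in packets:
        result = classify(data)
        counts[(src, result[0] if result else "truncated")] += 1
    return counts, sorted({s for s, _ in packets} - set(expected_exporters))

def capture(port=2055, limit=20, timeout=10.0):
    """Read up to `limit` datagrams from a free UDP port (assumption: plugin not bound)."""
    packets = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        try:
            while len(packets) < limit:
                data, (src, _) = sock.recvfrom(65535)
                packets.append((src, data))
        except socket.timeout:
            pass  # no more exports within the timeout; report what arrived
    return packets

if __name__ == "__main__":
    # Swap SAMPLE for capture() on a live host, with your own exporter addresses.
    print(summarize(SAMPLE, {"192.0.2.10"}))
```

An empty result from capture() means no exports reached the host on that port, which points at the firewall configuration or the network path rather than the plugin.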


Release Notes

Current Version: 1.3
