Submit a ticketCall us

Bridging the ITSM Divide
Integrated help desk and remote support software for faster resolution

Join us on Wednesday, November 29, 2017 at 11 a.m. CT, as we discuss the benefits of effectively integrating your help desk software with remote support solutions to help increase the efficiency of IT administration, improve communication, and decrease mean time to resolution (MTTR) for IT issues of all sizes. This directly impacts end-user satisfaction and your business’ bottom line. Register Now.

Home > Success Center > Log & Event Manager (LEM) > LEM Administrator's Guide > Collect and view NetFlow and sFlow data

Collect and view NetFlow and sFlow data

Updated: September 15, 2017

This topic describes how to enable and view NetFlow and sFlow data. The Flow utilities are available from Monitor view, the Explore > nDepth view, and the Explore >Utilities view.

About the Flow explorer

Flow explorer performs flow analysis to determine which IP addresses or ports are generating or receiving the most network traffic. Use this explorer to analyze the volume of data (in bytes or packets) transferring to or from an IP address or port number on your network.

For example, if an unknown IP address displays at the top of the Flow explorer’s activity list, you can select a bar on the graph or a row in the table and choose the Whois explorer from the Explore menu to identify the IP address and why it is transmitting so much data.

LEM supports Flow exports from both NetFlow and sFlow devices. Use the Flow explorer in the LEM console to view graphs, charts, and grids, as well as:

  • Top Talkers by Internet Assigned Numbers Authority (IANA)-based Protocol
  • Top Talkers by Port
  • Top Talkers by Source/Destination Address
  • Top Talkers by Total Bytes
  • Top Talkers by Total Packets

See the manufacturer specifications to configure your devices to send Flow data to LEM. LEM supports data on the 2100/UDP for NetFlow devices and 6343/UDP for sFlow devices.

Enable Flow collection and analysis in LEM

  1. Open the CMC command line. See Log in to the LEM CMC command line interface for steps.

  2. At the cmc> prompt, enter service.

  3. At the cmc::service> prompt, enter enableflow.

  4. To confirm your entry, enter y.

    The Manager service on LEM automatically restarts.

  5. At the prompt, enter n and follow the prompts to select the Flow collector and enable Flow Analysis for Flow data collected on another system.

    Otherwise, enter y.

  6. Enter exit and press Enter to return to the cmc> prompt.

  7. Enter exit and press Enter to log out of LEM.

View Flow data in the LEM console

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Monitor.

  3. Click the Explore drop-down menu and select Flow.

    The Flow Explorer presents data in graph, chart, or grid formats.

Last modified

Tags

Classifications

Public