Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Log & Event Manager (LEM) > Log & Event Manager (LEM) Documentation > LEM Administrator Guide > Collect and view NetFlow and sFlow data

Collect and view NetFlow and sFlow data

Updated: September 15, 2017

This topic describes how to enable and view NetFlow and sFlow data. The Flow utilities are available from Monitor view, the Explore > nDepth view, and the Explore >Utilities view.

About the Flow explorer

Flow explorer performs flow analysis to determine which IP addresses or ports are generating or receiving the most network traffic. Use this explorer to analyze the volume of data (in bytes or packets) transferring to or from an IP address or port number on your network.

For example, if an unknown IP address displays at the top of the Flow explorer’s activity list, you can select a bar on the graph or a row in the table and choose the Whois explorer from the Explore menu to identify the IP address and why it is transmitting so much data.

LEM supports Flow exports from both NetFlow and sFlow devices. Use the Flow explorer in the LEM console to view graphs, charts, and grids, as well as:

  • Top Talkers by Internet Assigned Numbers Authority (IANA)-based Protocol
  • Top Talkers by Port
  • Top Talkers by Source/Destination Address
  • Top Talkers by Total Bytes
  • Top Talkers by Total Packets

See the manufacturer specifications to configure your devices to send Flow data to LEM. LEM supports data on the 2100/UDP for NetFlow devices and 6343/UDP for sFlow devices.

Enable Flow collection and analysis in LEM

  1. Open the CMC command line. See Log in to the LEM CMC command line interface for steps.

  2. At the cmc> prompt, enter service.

  3. At the cmc::service> prompt, enter enableflow.

  4. To confirm your entry, enter y.

    The Manager service on LEM automatically restarts.

  5. At the prompt, enter n and follow the prompts to select the Flow collector and enable Flow Analysis for Flow data collected on another system.

    Otherwise, enter y.

  6. Enter exit and press Enter to return to the cmc> prompt.

  7. Enter exit and press Enter to log out of LEM.

View Flow data in the LEM console

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Monitor.

  3. Click the Explore drop-down menu and select Flow.

    The Flow Explorer presents data in graph, chart, or grid formats.

Last modified

Tags

Classifications

Public