Submit a ticketCall us

AnnouncementsAre You “Flying Blind?”

When it comes to your complex IT infrastructure, you want to ensure you have a good grasp of what’s going on to avoid any fire drills that result from guesswork. Read our white paper to learn how proactively monitoring your IT environment can help your organization while giving you peace of mind.

Get your free white paper.

Home > Success Center > Log & Event Manager (LEM) > Log & Event Manager (LEM) Documentation > LEM Administrator Guide > Collect and view NetFlow and sFlow data

Collect and view NetFlow and sFlow data

Updated: September 15, 2017

This topic describes how to enable and view NetFlow and sFlow data. The Flow utilities are available from Monitor view, the Explore > nDepth view, and the Explore >Utilities view.

About the Flow explorer

Flow explorer performs flow analysis to determine which IP addresses or ports are generating or receiving the most network traffic. Use this explorer to analyze the volume of data (in bytes or packets) transferring to or from an IP address or port number on your network.

For example, if an unknown IP address displays at the top of the Flow explorer’s activity list, you can select a bar on the graph or a row in the table and choose the Whois explorer from the Explore menu to identify the IP address and why it is transmitting so much data.

LEM supports Flow exports from both NetFlow and sFlow devices. Use the Flow explorer in the LEM console to view graphs, charts, and grids, as well as:

  • Top Talkers by Internet Assigned Numbers Authority (IANA)-based Protocol
  • Top Talkers by Port
  • Top Talkers by Source/Destination Address
  • Top Talkers by Total Bytes
  • Top Talkers by Total Packets

See the manufacturer specifications to configure your devices to send Flow data to LEM. LEM supports data on the 2100/UDP for NetFlow devices and 6343/UDP for sFlow devices.

Enable Flow collection and analysis in LEM

  1. Open the CMC command line. See Log in to the LEM CMC command line interface for steps.

  2. At the cmc> prompt, enter service.

  3. At the cmc::service> prompt, enter enableflow.

  4. To confirm your entry, enter y.

    The Manager service on LEM automatically restarts.

  5. At the prompt, enter n and follow the prompts to select the Flow collector and enable Flow Analysis for Flow data collected on another system.

    Otherwise, enter y.

  6. Enter exit and press Enter to return to the cmc> prompt.

  7. Enter exit and press Enter to log out of LEM.

View Flow data in the LEM console

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Monitor.

  3. Click the Explore drop-down menu and select Flow.

    The Flow Explorer presents data in graph, chart, or grid formats.

Last modified