Observer GigaFlow

Documentation

Table of Contents

Observer GigaFlow Documentation

Documentation > Reference Manual for GigaFlow > System > Receivers

Receivers

Add Port and Netflow Processing Threads links at top of page.

Located at System > Receivers.

Here you can view and edit GigaFlow's defined Netflow receivers.

It is important to ensure that the installation is ready to listen. Senders on your network will be configured to send to the GigaFlow server address and to a defined port; these must match the receivers.

GigaFlow is built to receive and process flow records and session-based syslogs. GigaFlow can also process syslog messages relating to specific user or IP authentication details.

Flow records are processed automatically into the flow databases. The records are also checked against blacklisted IPs and against defined Profilers. See System > Blacklists and Profiling.

The syslog messages are sent to the syslog processor for parsing.

Existing Ports

Here you can see the existing listener ports available and if they are receiving flows or syslogs.

You can select the number of ports to show from the dropdown menu above the table, i.e. 10, 25, 50, 100 or all. The default is 50 items. The total number of ports is displayed at the top of the table. The information displayed includes:

  • Port number.
  • Port type.
  • Any associated settings.
  • Minimum, maximum and average number of packets.
  • Status, i.e. running, yes or no.
  • Action: delete Delete icon. or stop Delete icon.Stop icon..

Add Port

To add a new port, click the + icon at the top of the page. Then:

  • Enter the new port number.
  • Enter the new port type.
  • Enter the new port source mask. This mask is applied to the IP address of the source device. It can be useful to consolidate multiple flow senders into virtual source device(s). Leave blank for no summarization.
  • Click Save to create and save.

Netflow Processing Threads

To edit the number of Netflow processing threads, enter the new number and click Save.

Port Threads

The Port Threads table displays summary information about the port threads. This includes:

  • Port number.
  • Type, e.g. V5, V9.
  • Thread.
  • Devices.
  • Received packets.
  • Dropped packets.
  • Current packets.
  • Ignored packets.
  • Max packets.