FlowTraq is designed to support the vast majority of flow formats. Instead of listing all compatible devices, we list supported formats. Please refer to your equipment manufacturer's documentation for details on your specific device.
- NetFlow v1, v5, v7, and v9
The NetFlow format was designed by CISCO, and one or more versions of NetFlow are supported by the vast majority of their devices. NetFlow is a push protocol and FlowTraq listens on the default port, so only your sending devices need to be configured in order to use NetFlow. NetFlow datagrams are generally sent to port UDP/2055.
NetFlow and IPv6 Use NetFlow v9 if you have IPv6 traffic on your network, as it is the only version to support IPv6.
- cFlow and jFlow
These formats are variations on the NetFlow v5. Ports UDP/9666 and UDP/9996 are sometimes used instead of or in addition to UDP/2055. FlowTraq Server supports listening on multiple ports, so deployments in mixed environments are not a problem.
- IPFIX (both TCP and UDP)
Like NetFlow, IPFIX is a push protocol. By default, FlowTraq listens for IPFIX over UDP on port 2055. Configure alternative or additional listen ports in the Exporters panel in Preferences.
By default, FlowTraq is not configured to listen for IPFIX over TCP. You can configure a listen port or ports in the Exporters panel in Preferences.
- sFlow v2, v4, and v5
The sFlow format is a scalable sampled flow format. In contrast to NetFlow, it is not a push protocol. Rather, it is up to the collector to configure the source via SNMP. FlowTraq Server uses SNMPv2 to configure sFlow-capable devices. Export packets are generally sent to port UDP/6343.
- CISCO NSEL (ASA Firewall Events)
FlowTraq accepts Network Secure Event Logging (NSEL) from the CISCO ASA firewall line. The NSEL events (flow created, flow deleted, flow denied) are packaged in NetFlow version 9 templates, and FlowTraq allows you to search for all three event types as well as the extended event codes (typically, explanations for why a flow was denied).
Like NetFlow, NSEL events are push updates. On the collector side, NSEL is configured in the same way as NetFlow version 9.
Please note that the ASA firewall flow exports contain less information than NetFlow updates. FlowTraq uses heuristics to infer some of the missing information.
Tip | |
---|---|
If you don't have flow export-capable hardware, or if you prefer NetFlow to the format your hardware uses, you may use Flow Exporter, a free software-based flow sensor we develop as a companion to FlowTraq. Please see Section 6.4, “Using Flow Exporter” for more information on Flow Exporter. |