Mikrotik – Traffic Analysis – NetFlow Analyzer
ManageEngine NetFlow Analyzer.
This web application is written in Java, as an HTTP server supports Apache, for storing data used by MySQL.
Using NetFlow Analyzer may own functional design “dashboards” that are suitable for the monitoring of the most important parts of the network infrastructure. Each panel is created taking into account the specific role of the individual administrator and may consist of multiple elements (widgets), responsible for the extraction of information from various sources.
Thanks to visibility dashboards NetFlow Analyzer can glance to assess the situation, get an idea of the current load on the different parts of the network and examine performance without spending time searching and browsing disparate reports. Supplied NetFlow Analyzer includes over fifty “widgets.”
Let’s start from the beginning, ie installation and setup.
Installing NetFlow Analyzer.
Download the platform for our interest (Windows, Linux), in this case, Windows.
Run.
All components are placed in one folder on this if you wish, you can choose any.
Just when installation is requested ports on which services will work. Web interface port and the port on which the NetFlow packets will be sent.
Indicate that would run as a service.
Specify the registration data
In general, all as always, “Next”, “Next”, “agree”, “Once More,” “Finish”.
Upon completion of the installation is started does gets on the login page, the default user admin, and password admin.
Setting Mikrotik.
It’s all ready, now go to the management console Mikrotik and direct the flow of data to our server.
Or all the same, only from the console:
/ Ip traffic-flow set enabled = yes
/ Ip traffic-flow target add address = 192.168.1.78: 9996 version = 9
The first team activates the service, the second indicates the receiving point, port, and protocol version.
Initial setup NetFlow Analyzer.
Now enter the NetFlow Analyzer and see what we have.
The first place you fall, it’s a list of interfaces being monitored, in this example, the interface named IfIndex * incoming connections on this vpn, interfaces complete * and it crafts * providers, local is the LAN interface.
If something does not work, then it makes sense to check the appropriate port on which the analyzer and listening port that is specified in Mikrotik.
Go to Admin Operations, Product Settings.
Server Settings – Server Settings.
NetFlow / sFlow Listener Port – the port on which flows are taken from the devices.
WebServer Port – the port of the web interface.
Count Of Top Records to Store – the maximum number of rows in the tables with the displayed data.
DNS Settings – set specific dns names.
Resolve only when “Resolve DNS” link is clicked – selected by default, specifies the names by clicking on the “Resolve DNS”.
Resolve DNS names automatically by default- specifies the names automatically (slows down the work)
Resolved DNS count in cache – Size DNS cache.
User defined DNS names – Zdaes can specify static dns entry.
Probably the second place where you should look in the settings, and configure it to send mail.
Press the Test Mail.
Dashboard.
As mentioned at the outset is an interesting chip DashBoard, which exists in a certain initial state.
But the administrator can make the panel with widgets “for themselves.” For example, do something like this (it is not necessary to delve into much sense:-) I just pulled out the maximum potential widgets)
They’re – here or who goes where and what shakes.
Let us return to the Interface tab and look at the statistics for one particular.
The application tab displays information on the type of traffic.
Click on a specific line, and we get detailed information. For example information on the HTTP traffic.
You can reduce the results to the output (for example) 10 and do the conversion in the names ip (helps very not always).
You can also request a detailed timetable for each compound.
In the Source tab to receive reports on sources of traffic, and just select the specific element we get the details on it.
Group addresses.
Sometimes it is interesting to consider the traffic for multiple users simultaneously, for example servers that perform the exact same role.
Under Admin Operations have Subpart IP Grouups, where you can combine multiple addresses in a group to create a group of entire subnets, etc.
Further it is already possible to obtain all of the same reports, but in the context of addresses, combined in this group.
For the lazy – reports by mail.
Probably the most enjoyable thing that I liked is the ability to generate reports and get out in the mail, it was not necessary to climb every morning in this interface and to order them, they just came with the morning mail.
Go to section Admin Operations, in subsection Schedule Reports.
As a result, the morning will receive a letter about this content.
Where will lie on the pdf-have for every interface about this content.
My name is Rayhan and I’m an IT professional with over 10 years of experience in the field. I’m passionate about all things tech, and I love helping people solve their IT problems. In my free time, I enjoy tinkering with new gadgets and software, and I’m always on the lookout for the latest tech trends. I believe that technology has the power to make our lives easier and more enjoyable, and I’m excited to be a part of this ever-evolving field. Thank you for taking the time to visit my page.