Requirements for using NetFlow data (principle)

Before you configure the system to analyze NetFlow data, you must enable the NetFlow feature on the routers or other NetFlow-enabled network devices you plan to use. Configure the devices to broadcast NetFlow data to a destination network where the sensing interface of a managed device is connected.

The system can parse both NetFlow version 5 and NetFlow version 9 records. NetFlow exporters must use one of those versions if you export data. Ensure the exported NetFlow templates and records contain specific fields like IN_BYTES, IN_PKTS, PROTOCOL, among others. If your NetFlow exporters are using version 9, which you can customize, you must make sure that the exported templates and records contain the following fields, IN any order:

Your deployment must include at least one managed device that can monitor NetFlow exporters. Connect at least one sensing interface on that managed device to a network for collecting exported NetFlow data. The system does not support the direct collection due to lack of IP addresses on sensing interfaces.

Note that the Sampled NetFlow feature available on some network devices collects NetFlow statistics on only a subset of packets that pass through the devices. While enabling this feature improves CPU utilization, it may affect the NetFlow data collected for system analysis.