19.1 Understanding Network Flow Data Collection
Sentinel supports NetFlow versions v5, v9, and v10 (IPFIX). The NetFlow Collector Manager collects network flow data from supported routers, switches, and other network devices.
19.1.1 NetFlow Collector Manager
The NetFlow Collector Manager collects and processes network flow data. The following figure illustrates how NetFlow Collector Manager works:
Figure 19-1 NetFlow Collector Manager
The NetFlow Collector Manager includes the following components:
-
Network flow aggregator: Collects and aggregates the raw network flow data from the connected devices.
-
Data collector: Requests the network flow data from the network flow aggregator store every 10 minutes (configurable) and sends the data to the data store.
-
Data store: Stores batches of network flow data ready to be sent to Sentinel.
-
Data forwarder: Forwards any network flow data waiting in the data store by using the HTTPS protocol.
-
If the Sentinel server is not reachable, the data remains in the output store until it reaches the maximum queue size. The data forwarder continues to send the buffered data when the Sentinel server is available.
-
The number of files that the output store can store depends on the queue size. You can configure the queue size in the /etc/opt/novell/sentinel/config/netflow-collector-configuration.properties file. For more information, see Customizing the NetFlow Configuration.
-
If an error occurs during the data transfer to Sentinel, the data forwarder will move the associated batch files to the error store. You can send this data again by manually copying the data from the error store to the output store.
-
To install the NetFlow Collector Manager, you must have administrator privileges or the Send NetFlow data permission. For more information, see NetFlow Collector Manager Installation
in the NetIQ Sentinel Installation and Configuration Guide.