The Forwarding page is used to relay measurements to a remote machine for analysis.
Topics:
- How do I configure flow forwarding?
- How do I convert sFlow to NetFlow?
- How do I configure event forwarding?
How do I configure flow forwarding?
Select Flows from the Options: list. The following Flow Forwarding Settings are available:
- Enabled, enables or disables forwarding of sFlow for this entry.
- Source, filter by input feed type. If set to sFlow then only sFlow input feeds will be forwarded. If set to NetFlow then only NetFlow/IPFIX feeds will be forwarded.
- Agent Address, specify the agent or agents to be monitored. An agent can be specified by its domain name or IP address. If a subnet is specified then all the agents in that subnet will be monitored. For example: a value of 10.0.0.254 would forward traffic data collected from 10.0.0.254; a value of 10.0.0.0/24 would forward traffic from all the agents in the 10.0.0.0/24 subnet (including 10.0.0.254); and 0.0.0.0/0 will forward traffic from all IPv4 agents. If an individual interface is specified using the form 10.0.0.254>17 then only traffic data to or from that interface will be forwarded.
- Destination Address, specifies the address of the host that will receive the forwarded sFlow. The address can be specified using the host address or domain name. A value of localhost or 127.0.0.1 will direct packets to the host running Traffic Sentinel. If you are receiving packets on the local machine, you must change the port from 6343 to some other value (see below).
- Port, specifies the UDP port that will receive the forwarded sFlow packets. The well known port for the sFlow protocol is 6343.
- Format, specifies the format to be used when forwarding. Set to match the value under Source to forward the feed unchanged in its native format. Set to NetFlow to convert to NetFlow version 5 before exporting.
- Comment, a comment describing the entry.
Note: If you want to forward sFlow to another application running on the same machine as Traffic Sentinel, you cannot use port 6343. Traffic Sentinel uses port 6343 to receive sFlow and so no other application will be able to open the port. In order to prevent looping of packets, Traffic Sentinel will report an error if you try to forward to port 6343 on any of the local interfaces.
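The Agent Address forms and the port 6343 loop rule described above can be checked before an entry is saved. The following is an added example, not Traffic Sentinel's own code: the function names are hypothetical, domain names are assumed to be already resolved to IP addresses, and the local interface address is a constructed sample.

```python
import ipaddress

SFLOW_PORT = 6343  # port Traffic Sentinel itself listens on, per the page


def parse_agent_spec(spec):
    """Split an Agent Address value into (network, ifindex or None).

    Handles the three IP forms the page lists: single address, subnet,
    and agent>interface. Domain names are not resolved here (assumption).
    """
    agent, sep, ifindex = spec.partition(">")
    network = ipaddress.ip_network(agent.strip(), strict=False)
    if sep and network.num_addresses != 1:
        raise ValueError("interface form needs a single agent address")
    return network, (int(ifindex) if sep else None)


def agent_matches(spec, agent_ip, ifindex=None):
    """True if data from agent_ip (and interface ifindex) passes the filter."""
    network, want_if = parse_agent_spec(spec)
    addr = ipaddress.ip_address(agent_ip)
    if addr.version != network.version or addr not in network:
        return False
    return want_if is None or want_if == ifindex


def would_loop(dest, port, local_addrs):
    """True if forwarding to dest:port would feed packets back into the
    local sFlow listener. local_addrs is the caller-supplied set of this
    host's interface addresses; dest must be "localhost" or an IP address."""
    if port != SFLOW_PORT:
        return False
    if dest == "localhost":
        return True
    addr = ipaddress.ip_address(dest)
    return addr.is_loopback or str(addr) in local_addrs


if __name__ == "__main__":
    LOCAL = {"192.0.2.10"}  # constructed sample interface address
    for spec in ("10.0.0.254", "10.0.0.0/24", "0.0.0.0/0", "10.0.0.254>17"):
        print(spec, agent_matches(spec, "10.0.0.254", 17),
              agent_matches(spec, "10.0.1.9", 3))
    print(would_loop("127.0.0.1", 6343, LOCAL),
          would_loop("127.0.0.1", 6344, LOCAL))
```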
How do I convert sFlow to NetFlow?
Set the Format to NetFlow to convert incoming sFlow to NetFlow version 5. This will allow an application that only understands NetFlow to receive data from Traffic Sentinel.
Note: Attempting the reverse, i.e. forwarding a NetFlow input as sFlow, is not a valid transformation. It is only possible in the case where the receiver is also an instance of Traffic Sentinel.
How do I configure event forwarding?
Any events that appear under Sentinel: Events>List can be forwarded via:
- RSS feed
- system log
- SNMP trap
To use the RSS feed, simply select the event list that you want to follow, then click the button.
To configure syslog, SNMP Trap or email forwarding of events, select Events from the Options: list. The following Event Forwarding Settings are available:
- Syslog Severity, the severity of events to be forwarded by syslog.
- Syslog Type, the type of events to be forwarded by syslog.
- Syslog Destination, the address of the syslog server collecting events.
- Syslog Destination Port, the UDP port that the syslog server is using to receive events.
- Syslog Enable, enable/disable forwarding of events to the syslog server.
- SNMP Trap Severity, the severity of events to be forwarded by SNMP trap.
- SNMP Trap Type, the type of events to be forwarded by SNMP trap.
- SNMP Trap Destination, the address of the SNMP trap receiver collecting events.
- SNMP Trap Community, the SNMP community string to be used when sending an SNMP trap.
- SNMP Trap Destination Port, the UDP port that the SNMP trap receiver is using to receive events.
- SNMP Trap Enable, enable/disable forwarding of events to the SNMP trap collector.
- Email Severity, the severity of events to be forwarded by email.
- Email Type, the type of event to be forwarded by email.
- Email Addresses, a comma separated list of email recipients.
- Email Format, the format of the email messages.
- Email Language, the language used for HTML formatted messages.
- Email Enable, enable/disable forwarding of events by email.
For mail to be forwarded successfully the service sendmail must be configured on your server (see FAQ: How do I configure email forwarding?). Use a comma separated list of addresses if you want to send email events to more than one recipient.
The SNMP traps are described by the INMON-TRAP-MIB.