Tariscope 4.x. Administrator's guide
Chapter 3. Tariscope configuration
3.19. NetFlow / IPFIX / rFlow collector
The NetFlow / IPFIX / rFlow collector (hereinafter "Collector") collects information about IP traffic from data transfer devices that use the following protocols: NetFlow v.5 or v.9, IPFIX, rFlow.
The Collector can be installed on any computer that has a connection to the Tariscope server. As one option, the Collector can be installed on the same computer where the Tariscope server is located.
To configure the Collector, in the configuration tree, select the NetFlow/IPFIX/rFlow Collector branch. The Tariscope window will be as shown in Figure 3.19.1.
Figure 3.19.1
Click on the Configure link. The program window will be as shown in Figure 3.19.2.
Figure 3.19.2
The Data collection and primary processing section of the window defines parameters that affect the amount of data in the Tariscope database and log files.
In the Listen ports box, type the TCP/IP port number on which the Collector will receive the IP traffic data. By default: 2055. The same port number should be set in the data transmission device. If you use more than one port, enter their numbers separated by commas.
In addition to processing the incoming data stream and writing it to the Tariscope database, the Collector backs up the data stream to a binary file in the format in which the data was received.
In the Log folder box, specify a path to the folder where logs will be stored.
In the New file every list, select the required period for creating a new log. The following options are available:
- Don't rotate. The data will be permanently stored in a single file if its size does not exceed the value specified in the Maximum log size box.
- Every hour. A new log file will be created every hour, if its size does not exceed the value specified in the Maximum log size box.
- Every day. A new log file will be created every day, if its size does not exceed the value specified in the Maximum log size box.
- Every month. A new log file will be created every month, if its size does not exceed the value specified in the Maximum log size box.
Another parameter that affects how often a new log file is created is its size, which is set in the Maximum log size box. When the specified size is reached, the current log file is closed and a new one is created. Enter the desired value in the box. By default: 200 MB.
To reduce the size of the log file on disk, you can compress it. To configure compression, in the Compression list, select one of the following options:
- None. The compression is not used.
- Zip. It is used to compress into the Zip archive.
- Bzip. It is used to compress into the Bzip archive.
- Zlib. It is used to compress into the Zlib archive.
When processing the received data, the Collector can use the time zone that is set on the computer with Tariscope. To do this, select the Respect time zone check box.
To reduce the size of the Tariscope database that holds information about network traffic, specify the required level of data aggregation if full detail is not needed.
Select the Aggregate addresses to networks check box when it is sufficient for the data to be grouped to the level of the IP networks specified in Provider and rates → a particular provider → IP networks. Selecting this check box reduces the load on SQL Server, and therefore improves the performance of Tariscope.
You can specify the aggregation to the level of IP ports. To do this, select the Aggregate ports check box.
You can specify the aggregation to the level of IP protocols. To do this, select the Aggregate protocols check box.
You can specify the aggregation for a certain period of time, which is set in the Aggregate time to list. The list contains the following options:
- None. The aggregation for the time period is not applied.
- Second. Aggregating the data received during one second.
- Minute. Aggregating the data received during one minute.
- Ten minute. Aggregating the data received during ten minutes.
- Hour. Aggregating the data received during one hour.
- Day. Aggregating the data received during one day.
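The effect of the aggregation options on stored detail, as an added example that is not Tariscope code or its algorithm. It assumes that the port and protocol options drop those fields from the grouping key and that the time option rounds timestamps down to the start of the period; the flow records, the network list and all names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

BASE = 1_700_000_040  # constructed start time, a whole minute (divisible by 60)

# Constructed sample flows: (time, src, dst, src_port, dst_port, protocol, bytes)
SAMPLE_FLOWS = [
    (BASE + 1,  "10.1.2.10", "198.51.100.7", 51514, 443, 6,  1200),
    (BASE + 15, "10.1.2.11", "198.51.100.7", 51600, 443, 6,  800),
    (BASE + 30, "10.1.2.10", "198.51.100.9", 40000, 53,  17, 90),
    (BASE + 61, "10.1.3.5",  "203.0.113.4",  51700, 22,  6,  4000),
]

# Hypothetical stand-in for the IP networks configured for a provider.
NETWORKS = [ipaddress.ip_network(n)
            for n in ("10.1.2.0/24", "10.1.3.0/24", "198.51.100.0/24")]

def to_network(addr, networks):
    """Map an address to the most specific listed network, or keep it as is."""
    ip = ipaddress.ip_address(addr)
    matches = [n for n in networks if ip in n]
    return str(max(matches, key=lambda n: n.prefixlen)) if matches else addr

def aggregate(flows, networks=None, ports=False, protocols=False, bucket=0):
    """Sum bytes per grouping key; each enabled option coarsens the key."""
    totals = defaultdict(int)
    for ts, src, dst, sport, dport, proto, nbytes in flows:
        if networks is not None:
            src, dst = to_network(src, networks), to_network(dst, networks)
        if ports:          # assumption: port numbers are dropped from the key
            sport = dport = None
        if protocols:      # assumption: protocol number is dropped from the key
            proto = None
        if bucket:         # round the timestamp down to the start of its period
            ts -= ts % bucket
        totals[(ts, src, dst, sport, dport, proto)] += nbytes
    return dict(totals)

if __name__ == "__main__":
    full = aggregate(SAMPLE_FLOWS)
    coarse = aggregate(SAMPLE_FLOWS, NETWORKS, ports=True, protocols=True, bucket=60)
    print(len(full), "rows at full detail;", len(coarse), "rows aggregated")
    for key, nbytes in coarse.items():
        print(key, nbytes)
```

On the constructed input, four rows become two, and the row for the fourth flow no longer records the destination port 22 or the protocol; that detail remains only in the binary log files the Collector writes.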
To store the processed data in the Tariscope database, you should configure parameters that are specified in the Database and rating section.
To change the connection data to the Tariscope server, click on the Change Tariscope connection options link. In the window that appears, specify a server name, its IP address and select an authentication option. If you select the Windows Authentication option, you do not have to specify any more parameters. If you select the SQL Server Authentication option, type the user name and password.
In the Db Save interval box, type the interval at which the processed data will be written to the Tariscope database. The shorter the interval, the higher the load on the server. The default value is 3000 ms.
If rating is needed immediately upon receipt of the traffic data, select the Online cost charging check box. If online rating is not enabled, rating can be done at any convenient time.
The Collector can write a log with varying degrees of detail. The level of detail is determined by the value specified in the Log level list. There are the following options:
- Status,
- Critical error,
- Error,
- Warning,
- Information,
- Advice,
- Debug.
Status is the least detailed level, and Debug is the most detailed level of logging.
When the configuration is complete, click on the Save icon on the toolbar.
Starting and stopping the NetFlow/IPFIX/rFlow Collector
To start the Collector service, click on the here link in the window shown in Figure 3.19.2, or click on the NetFlow/IPFIX/rFlow Collector branch in the configuration tree. As a result, the program window will be as shown in Figure 3.19.1.
The current status of the service is displayed in the Service status position. When the page is opened initially, the value of the position is "Not installed".
To install the service, click on the Install service link. The Service status position displays "Stopped" in case of a normal installation. The Install service link is replaced by the Uninstall service link and the Start service link becomes active.
To start the service, click on the Start service link. The Service status position displays "Running". The Start service link is replaced by the Stop service link. The Uninstall service link becomes inactive.
After the service starts, we recommend that you click on the Service log link, or select the Service log item under the same branch in the configuration tree, and make sure there are no errors. If the log contains errors, stop the service, return to the configuration and validate the configuration data. After that, start the service.
To stop the service, click on the Stop service link. The Stop service link is replaced by the Start service link, and the Uninstall service link becomes active. The Service status position displays "Stopped".
The service keeps a log of its work. To see this log, select in the configuration tree: NetFlow/IPFIX/rFlow Collector → Service log.