• English日本語한국어
  • Log inStart now

Set up network flow data monitoring

You can use our guided install process to install the network flow monitoring agent, or install the agent manually. This doc covers prerequisites to start this install process and a step-by-step walk through of your install options.

Prerequisites

Before you can start, you'll need to sign up for a New Relic account. If you choose to install the agent manually, you also need:

  • A New Relic account ID.
  • A New Relic .

Supported types of network flow data

Network flow monitoring supports the four primary types of network flow data and their derivatives. When running the agent, you can specify which major type you want to monitor using the -nf.source option.

Tip

Collection of NetFlow v5, NetFlow v9, sFlow, and IPFIX templates can all be handled using -nf.source.=auto on a single agent. This is enabled as a default setting when using the nr1.flow argument at runtime.

When should you scale network flow collection?

When planning your strategy for collecting network flows at scale, the following items should be considered:

  • The ktranslate agent can only perform a single job at a time. An agent running SNMP collection cannot also listen for network flows.
  • The ktranslate agent can only listen for incoming network flows on a single listening port at a time (default: 9995). If you require multiple ports to be open, each requires a dedicated agent, using the -nf.port configuration option at runtime to change the port.
  • The default -nf.source=auto configuration allows the container to listen for multiple standard flow types. If you need to parse other types of flow data like Cisco ASA, Cisco NBAR, or Palo Alto Networks templates, each will require their own agent.
  • New Relic recommends 1 CPU per 2000 flows-per-second (120,000 flows-per-minute). Deciding whether to horizontally scale multiple agents to distribute load or vertically scale a few larger agents to consolidate management is a matter of personal preference.

Set up network flow data monitoring

For most use cases, we recommended our guided install to set up network flow data monitoring. If your set up is more advanced with custom configurations, then we'd recommend installing manually.

Find and use your metrics

All network flow logs exported from the ktranslate container use the KFlow namespace, via the New Relic Event API. Currently, these are the default fields populated from this integration:

Did this doc help with your installation?

What's next?

You can set up some additional agents to complement your network flow data:

Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.