The Secure60 Netflow Processor is a service that runs alongside the Secure60 Collector. It ingests netflow data from network and other devices, converts it to JSON, and sends the result to the Secure60 Collector.
Protocols supported:
Deployment is available via a single docker command (environment file options are available to customise the configuration). By default the solution will work when the Secure60 Netflow Processor is run on the same VM/Host as the Secure60 Collector.
The Secure60 Collector can be run natively in Docker (or via Docker Compose or Kubernetes). Here is a sample command to spin up the container:
docker run --rm -d --name s60-netflow-processor -p 2055:2055/udp secure60/s60-netflow-processor:1.02
An option exists to include an environment (.env) file to adjust the default configuration. Create a .env file with the following value options:
NETFLOW_PORT=2055
Allows you to alter the listening port inside the container
NETFLOW_ROTATION_TIME=300
Adjust the rotation time of the files that are created inside the container when aggregating flows
S60_COLLECTOR_ADDRESS=http://host.docker.internal:80/netflow
Adjust where flows are sent (Secure60 Collector)
NETFLOW_SAMPLING=1
Enables sampling to balance visibility vs volume of data ingested
Run with .env file reference:
docker run --rm --name s60-netflow-processor -p 2055:2055/udp --env-file .env secure60/s60-netflow-processor:1.02
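A preflight check for the .env file, as an added example that is not Secure60 code: it validates the four variables above and prints a docker run command whose published UDP port matches NETFLOW_PORT, since changing the port inside the container without changing the -p mapping leaves the listener unreachable. It assumes the values shown above are the defaults, that rotation time and sampling are positive integers, and that the collector address is an http(s) URL; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Secure60 code: preflight check for the processor's .env file.
# Assumption: the values shown on this page are the defaults when a key is absent.

# Print the last value assigned to KEY in FILE, or DEFAULT if the key is not set.
env_get() { # FILE KEY DEFAULT
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# Succeed only for a non-empty string of decimal digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Check each documented variable; report problems on stderr, return 1 if any.
validate_env() { # FILE
    rc=0
    port=$(env_get "$1" NETFLOW_PORT 2055)
    rot=$(env_get "$1" NETFLOW_ROTATION_TIME 300)
    samp=$(env_get "$1" NETFLOW_SAMPLING 1)
    addr=$(env_get "$1" S60_COLLECTOR_ADDRESS http://host.docker.internal:80/netflow)
    if ! is_uint "$port" || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "NETFLOW_PORT is not a valid UDP port: $port" >&2; rc=1
    fi
    # Assumption: rotation time and sampling are positive integers.
    for pair in "NETFLOW_ROTATION_TIME:$rot" "NETFLOW_SAMPLING:$samp"; do
        if ! is_uint "${pair#*:}" || [ "${pair#*:}" -lt 1 ]; then
            echo "${pair%%:*} must be a positive integer: ${pair#*:}" >&2; rc=1
        fi
    done
    # Assumption: the collector address is an http(s) URL, as in the page's sample.
    case "$addr" in
        http://?*|https://?*) ;;
        *) echo "S60_COLLECTOR_ADDRESS is not an http(s) URL: $addr" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Print the docker run command with the published port matched to NETFLOW_PORT.
build_run_cmd() { # FILE
    validate_env "$1" || return 1
    p=$(env_get "$1" NETFLOW_PORT 2055)
    printf 'docker run --rm -d --name s60-netflow-processor -p %s:%s/udp --env-file %s secure60/s60-netflow-processor:1.02\n' "$p" "$p" "$1"
}

# Usage: sh preflight.sh .env
if [ -n "${1:-}" ]; then build_run_cmd "$1"; fi
```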
Ensure that the following environment variables:
ENABLE_NETFLOW=true
ENABLE_GENERIC_NORMALISE=true
are enabled in the Secure60 Collector configuration so that fields are correctly parsed and stored.