This is a NetFlow app for Sumo Logic. It contains a dashboard that calculates key NetFlow statistics.
NetFlow logs are collected with a fluentd NetFlow input plugin and then forwarded to an HTTP source on a hosted collector on Sumo Logic's side.
- Install fluentd
- Install one of the following fluentd input plugins to collect the NetFlow data: fluent-plugin-netflow or fluent-plugin-netflowipfix. Both are recommended in Fluentd's docs, but the latter seems to receive more frequent updates.
- Install the Sumo Logic fluentd output plugin
- Create a hosted collector in SumoLogic and add an HTTP source
- Modify the fluentd config file to reference the new input and output plugins (a sample config for netflowipfix is shown below)
- Restart the fluentd agent after updating the config file
## Netflow input

```
<source>
  @type netflowipfix
  tag netflow.event
  bind {IP address for plugin to accept Netflow}
  port {UDP port for plugin to accept Netflow; 5140 is default}
</source>
```

## Sumo Logic output

```
<match **>
  @type sumologic
  endpoint {Sumo HTTP endpoint}
</match>
```
- Monitor stdout for errors after starting the fluentd agent, and check the fluentd log for specifics
- Verify that the input and output plugins are installed in the plugin directory fluentd loads from, so that the agent can find them
- Comment out any unused input or output plugin sections in the config file
- Use this NetFlow generator to test a config on your own in a lab environment
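To exercise the input side without a real exporter, the following Python script (added here as an example; it is not part of the app or of either fluentd plugin) builds a NetFlow v5 datagram from a few constructed sample flows, parses it back with the version and length checks a collector should make before trusting the record count, computes a bytes-per-source "top talkers" table of the kind the dashboard reports, and can emit the datagram to the bind address and UDP port from the config above. It assumes a collector on 127.0.0.1:5140; the flow addresses are RFC 5737 documentation ranges.

```python
"""Build, parse and optionally emit NetFlow v5 datagrams for lab testing of a
fluentd NetFlow input.  Example code, not part of the Sumo Logic app or the
fluentd plugins.  Assumes a collector on 127.0.0.1:5140 (the sample config's
default port); all flow values below are constructed sample data."""
import socket
import struct
import time
from collections import defaultdict

# Cisco NetFlow v5 wire layout (no RFC; all fields network byte order).
HEADER_FMT = "!HHIIIIBBH"                 # 24-byte header
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"   # 48-byte flow record
HEADER_LEN = struct.calcsize(HEADER_FMT)
RECORD_LEN = struct.calcsize(RECORD_FMT)
MAX_RECORDS = 30  # v5 exporters pack at most 30 flows per datagram


def build_v5_packet(flows, seq=0, uptime_ms=1000, now=None):
    """Serialise 1..30 flow dicts into one NetFlow v5 datagram."""
    if not 0 < len(flows) <= MAX_RECORDS:
        raise ValueError("NetFlow v5 datagrams carry 1..30 records")
    now = time.time() if now is None else now
    secs = int(now)
    nsecs = int((now - secs) * 1e9)
    header = struct.pack(HEADER_FMT, 5, len(flows), uptime_ms, secs, nsecs,
                         seq, 0, 0, 0)  # engine_type, engine_id, sampling
    body = b"".join(
        struct.pack(
            RECORD_FMT,
            socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]),
            socket.inet_aton(f.get("nexthop", "0.0.0.0")),
            f.get("input_if", 0), f.get("output_if", 0),
            f["packets"], f["bytes"],
            f.get("first_ms", uptime_ms - 100), f.get("last_ms", uptime_ms),
            f["sport"], f["dport"],
            0, f.get("tcp_flags", 0), f["proto"], 0,   # pad1, flags, proto, tos
            0, 0, 0, 0, 0,                             # src/dst AS, masks, pad2
        )
        for f in flows
    )
    return header + body


def parse_v5_packet(data):
    """Decode a v5 datagram into (header dict, list of flow dicts).
    Rejects short, non-v5 or length-inconsistent datagrams, the same sanity
    check a collector should make before reading records."""
    if len(data) < HEADER_LEN:
        raise ValueError("short header")
    (version, count, uptime, secs, _nsecs, seq,
     _eng_type, eng_id, _sampling) = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(data) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match datagram length")
    header = {"version": version, "count": count, "uptime_ms": uptime,
              "unix_secs": secs, "flow_sequence": seq, "engine_id": eng_id}
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        r = struct.unpack(RECORD_FMT, data[off:off + RECORD_LEN])
        flows.append({
            "src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
            "nexthop": socket.inet_ntoa(r[2]),
            "input_if": r[3], "output_if": r[4],
            "packets": r[5], "bytes": r[6], "first_ms": r[7], "last_ms": r[8],
            "sport": r[9], "dport": r[10], "tcp_flags": r[12], "proto": r[13],
        })
    return header, flows


def top_talkers(flows, n=3):
    """Bytes per source address, largest first: one of the key statistics a
    NetFlow dashboard derives once the records reach the SIEM."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def send_v5(data, host="127.0.0.1", port=5140):
    """Emit one datagram to the fluentd NetFlow input (lab collector assumed)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(data, (host, port))


# Constructed sample flows using RFC 5737 documentation addresses.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "sport": 51234, "dport": 443,
     "proto": 6, "packets": 12, "bytes": 8400, "tcp_flags": 0x1b},
    {"src": "192.0.2.11", "dst": "198.51.100.53", "sport": 40000, "dport": 53,
     "proto": 17, "packets": 1, "bytes": 76},
    {"src": "192.0.2.10", "dst": "203.0.113.9", "sport": 51235, "dport": 80,
     "proto": 6, "packets": 5, "bytes": 1200, "tcp_flags": 0x02},
]

if __name__ == "__main__":
    pkt = build_v5_packet(SAMPLE_FLOWS, seq=1, now=1_700_000_000)
    print(f"built {len(pkt)} bytes; header: {parse_v5_packet(pkt)[0]}")
    print("top talkers:", top_talkers(parse_v5_packet(pkt)[1]))
    send_v5(pkt)  # assumes the fluentd input is bound on 127.0.0.1:5140
```

After sending, a matching event tagged netflow.event should appear at the Sumo Logic HTTP source; if nothing arrives, the bind address, port and plugin directory are the first things to check.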
Update $$Netflow to _sourceCategory=yourSourceCategory
Once imported, the app should automatically be set up to query against NetFlow logs.