The Flow Interface Manager enables you to limit the flow data that SevOne NMS processes from specific devices and from specific interfaces. When you enable devices to send flow data to SevOne NMS, SevOne NMS allows and processes all flow data by default. Devices have the potential to send large amounts of flow traffic. The rules you define here override the global flow rules you define on the Flow Rules page.
To access the Flow Interface Manager from the navigation bar, click the Administration menu, select Flow Configuration, and then select Flow Interface Manager.
The list displays the following information for all devices from which SevOne NMS can receive flow data. Click the Display drop-down to display rules for All Sources, Allowed Sources, or Denied Sources.
Device – Displays the name of the device when SNMP resolvable. Displays Unknown if you do not enable the SNMP plugin for the device.
IP Address – Displays the IP address of the device.
Total Flows - Displays the number of flows processed per second across all interfaces on the device over the past minute. Malformed flows and flows denied by a rule are not processed. The flow rate on the Flow Interface Manager is calculated after duplication.
The Flow Interface Manager displays the rate of flows over the past minute for each interface and direction after SevOne NMS duplicates flows that lack directional information. Since NetFlow v5 only exports information about the incoming interface, SevOne NMS duplicates the flow statistics for v5 NetFlow to factor for outgoing flows on devices that use v5 NetFlow. Therefore, if your network only uses v5 NetFlow, you can expect the flow rate to be double the actual rate of flows that arrive. The flow rate on the Flow Interface Manager is therefore different from the flow rates that display in FlowFalcon reports and on the Cluster Manager, Peer Overview tab which use different calculations.
Number of Interfaces – Displays the number of interfaces on the device from which flow data is received.
Allowed Direction - Displays the number of interfaces from which flow data is processed and the number of directions of flow data received. Each interface can have incoming flow and outgoing flow and you can define rules to deny flow by direction.
Sample Rate - Displays the flow data sample rate when the interface sends sampled flow data. This column is only available when you select the Display Flow Sample Rates check box on the Cluster Manager > Cluster Settings tab > FlowFalcon subtab.
n/a – Flow data has yet to be received from the interfaces.
1x - Sample rate is 1-to-1 (data is not sampled).
<n>x – The sample rate (e.g., if 1 packet out of 100 packets is received, this column displays 100x).
Some flow devices only record data for a selection of messages that the device encounters based on a sample flow rate. The device notifies monitoring systems about only a fraction of its total traffic. The sample rate enables SevOne NMS to scale the data to compensate for the lack of notification of sampled data. The Sample Rate column is only available when you select the Display Flow Sample Rates check box on the Cluster Manager > Cluster Settings tab > FlowFalcon subtab.
Peer - Displays the name of the peer that receives the flow data.
Select one or more devices and the following highlighted controls are available from the navigation bar and drop-down to manage the selected device(s) and its associated flow data.
Allow Flows - to process the flow data across all interfaces on the selected devices.
Deny Flows - to not process the flow data for the selected devices.
Delete Device Rules to delete the selected flow device(s) and its associated flow data.
To be able to delete a device from Flow Interface Manager, the incoming flows must be stopped from the device being deleted. Otherwise, it will be immediately be recreated and not deleted.
CSV - to create a .csv report on all devices with flow. This includes such details as peer name, flows per second, maximum sample rate, interface, etc.
Stats - click the drop-down and select Selected Devices to view statistics for selected devices or All devices to view statistics for all devices. This creates a .csv file with information such as number of accepted flows, number of dropped flows by duration, total number of dropped flows, etc.
Display - click the drop-down to display rules for All Sources, Allowed Sources, or Denied Sources.
Click and select Purge Device Flows to delete the flow data processed for the devices.
Select a device from the list or hover in the Actions column on a row for the device and its associated flow data you wish to delete. Click on to delete the flow device and its associated flow data.
Click on OK in the warning message pop-up if you are sure you want to delete the selected flow device. Click on Cancel or x to cancel the operation.
This allows deletion of only one selected flow device at a time.
Select a device from the list or hover in the Actions column on a row for the device whose interface you want to manage. Click on to manage the selected device's interface.
The Edit Flow Interfaces pop-up enables you to manage flow rules at the interface level.
The list displays the following information for each individual interface on the selected device.
Interface - Displays the interface number the device sends to SevOne NMS.
Last Seen - Displays the last time flow data passed through the interface.
Last Write - Displays the last time flow data from this interface was written to the database. This is either the last time flow data was received for the interface or the last time SevOne NMS wrote flow data to the database based on the Write Interval you define on the Cluster Manager > Cluster Settings tab > FlowFalcon subtab.
Direction - Displays Incoming for incoming flow data or displays Outgoing for outgoing flow data.
Flows/Sec - Displays the number of flows processed per second across the interface over the past minute.
Sample Rate - Displays the flow data sample rate when the interface sends sampled flow data.
n/a – Flow data has yet to be received from the interfaces.
1x - Sample rate is 1-to-1 (data is not sampled).
<n>x – The sample rate (e.g., if 1 packet out of 100 packets is received, this column displays 100x).
The sample rate enables SevOne NMS to scale the data to compensate for the lack of notification of sampled data. The Sample Rate column is only available when you select the Display Flow Sample Rates check box on the Cluster Manager > Cluster Settings tab > FlowFalcon subtab.
Permission - Displays Allow when data is processed across the interface. Displays Deny when data is not processed across the interface.
Creator - Displays System when SevOne NMS creates the interface or a FlowFalcon Interface rule updates the interface. Displays User when a user creates or updates the interface.
Reason - Displays Normal when data can be processed across the interface. Displays Exceeds Capacity when the object count exceeds the peer license capacity and flows cannot be processed for the interface. For licensing purposes, each interface is equal to 300 objects.
To manage the interface(s), select one or more interface from the list. Click drop-down and select one of the following options.
Allow Flows - to process the flow data across the selected interface(s).
Deny Flows - to not process the flow data across t he selected interface(s).
Delete Interface - to delete the selected flow device interface(s) and its associated flow data.
To be able to delete an interface from a device, the flows received, related to this device, must not contain information for the interface to be deleted. Otherwise, it will be automatically recreated and not deleted.
Purge Interface Data - to delete the flow data for the interfaces.
Select an interface from the list or hover in the Actions column on a row for the interface you want to delete. Click on to delete the selected interface and its associated flow data.
Click on OK in the warning message pop-up if you are sure you want to delete the selected interface. Click on Cancel or x to cancel the operation.
This allows deletion of only one selected interface at a time.