These instructions assume:
- The date, time and time zone are correctly set on the router.
- You have Telnet or SSH credentials and access to the Ubiquiti router.
- The IP address of your Auvik collector is known.
If you have a shared collector and want to ensure that it receives netflow data to enable TrafficInsights, you will need to add the source IP address as a /32 in order for Auvik to register the flows from that specific address in the TrafficInsights portal. There may be some delay for the shared collector to receive the data after the change.
Note: Even if that source IP address is already being scanned, you must add a /32 targeting only the source IP address, due to some limitations, the collector can’t tell if it should be sent to site A or B.
Access the router CLI
- Telnet or SSH into the router.
- Enter privileged mode by typing enable and entering your enable password.
Configure NetFlow export
Run the following command. Replace AuvikCollectorIP with the IP address of your Auvik collector and AuvikPort with one of the following ports: 2055, 2056, 4432, 4739, 6343, 9995 or 9996.
configure set system flow-accounting interface <interface> # Optional parameter if flows should be collected for egress traffic. set system flow-accounting netflow enable-egress set system flow-accounting netflow engine-id <0-255> set system flow-accounting netflow server <AuvikCollectorIP> port <AuvikPort> set system flow-accounting netflow version 9 commit
Set up the NetFlow sampler
Run the following command:
set system flow-accounting netflow sampling-rate <128, 256, 512, 1024>
Enable and configure export of NetFlow packets
Run the following command. Replace <AuvikCollectorIP> with the IP address of your Auvik collector, and <AuvikPort> with one of the following port numbers: 2055, 2056, 4432, 4739, 6343, 9995, or 9996.
set system flow-accounting netflow server <AuvikCollectorIP> port <AuvikPort> set system flow-accounting syslog-facility daemon commit save exit
Confirm the settings
Run the following command to confirm the configuration:
sudo ifconfig <INTERFACE> sudo tcpdump -i any -n port <netflow port>
Reference:
https://help.ubnt.com/hc/en-us/articles/360008732414-UNMS-v1-NetFlow