Export Netflow from Windows Server to LogicMonitor
Exporting Netflow from Windows with FlowTraq Exporter
NetFlow is an industry standard network protocol for monitoring traffic flows across a network interface. It is used most commonly by devices like firewalls, routers, and switches, but some software packages make it possible to export Netflow data from a server operating system - in this case Windows - to a Netflow collector (LogicMonitor) for traffic analysis.
Instructions
1.) Register for and download the free FlowTraq Exporter.
2.) Download WinPcap (Windows packet capture library).
3.) Install WinPcap on the server you wish to export Netflow data from.
4.) Install and configure FlowTraq Exporter on the server you wish to export Netflow data from.
- - Select an interface from which to export Netflow data on the server.
- - Point the Netflow export data to the LogicMonitor Collector that will be monitoring the device and ingesting the flow data.
- - The LogicMonitor collector listens for Netflow on port 2055 out-of-box.
5.) Stop the Windows service "ProQueSys Flow Export".
6.) Edit the configuration file located at "C:\Program Files (x86)\ProQueSys\Exporter\flowexport.conf"
- - Change the value "nf9" to "nf5" to export Netflow in a compatible format.
7.) Start the Windows service "ProQueSys Flow Export".
8.) Make sure the device is in LogicMonitor and has Netflow collection enabled, pointing to the correct collector.
9.) Give LogicMonitor 5-10 minutes to start processing the flow traffic; flow data will then appear on the device's Traffic tab.
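
One way to confirm that the change in step 6 took effect is to look at the version field in the first two bytes of each export datagram. The following is an added example, not part of the original instructions and not LogicMonitor or FlowTraq code: it decodes the standard NetFlow v5 header and flow records and reports any other version without decoding it. The function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

# Standard NetFlow v5 layout: 24-byte header followed by 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def parse_export(datagram: bytes) -> dict:
    """Classify a datagram seen on the collector port and decode v5 flows."""
    if len(datagram) < 2:
        raise ValueError("datagram too short to carry a NetFlow version")
    (version,) = struct.unpack_from("!H", datagram)
    if version != 5:
        # e.g. version 9 means the exporter is still configured as "nf9"
        return {"version": version, "flows": []}
    if len(datagram) < V5_HEADER.size:
        raise ValueError("truncated NetFlow v5 header")
    _, count, *_ = V5_HEADER.unpack_from(datagram)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("length does not match header record count")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5], "bytes": f[6],
            "src_port": f[9], "dst_port": f[10],
            "protocol": f[13],
        })
    return {"version": 5, "flows": flows}


def build_sample_v5() -> bytes:
    """Constructed sample: one TCP flow 192.0.2.10:49152 -> 198.51.100.20:443."""
    header = V5_HEADER.pack(5, 1, 60000, 1700000000, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(
        ipaddress.IPv4Address("192.0.2.10").packed,
        ipaddress.IPv4Address("198.51.100.20").packed,
        bytes(4), 1, 2, 12, 3400, 1000, 2000, 49152, 443,
        0, 0x1B, 6, 0, 0, 0, 0, 0, 0)
    return header + record


if __name__ == "__main__":
    print(parse_export(build_sample_v5()))
```

Feed it the UDP payloads from a packet capture taken on the collector's port 2055; a result with a version other than 5 and no flows means the exporter has not picked up the "nf5" setting.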