Overview
...
3. Now define the match and collect statements that capture the fields to include in the flow record:
#match ipv4 source address
#match ipv4 destination address
#match ipv4 protocol
#match transport source-port
#match transport destination-port
#match ipv4 tos (to collect the type of source data)
...
#wr mem (to save configuration)
...
VERIFICATION OF CONFIGURATION
Verification
...
Whether logs are being received can be verified either from the UI or from the CCE Server. In the UI, go to System tab > Logs and Flows Collection Status and check whether the device IP is sending logs.
Using UI
STEP 1: Log in to the UI >> SYSTEM
...
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS
...
STEP 3: >> Inside SOURCE DEVICE IP, the device IP will be shown.
...
Using CCE SERVER
“sudo tcpdump -i any port 514 and host <IP address> -AAA” should be run on the CCE server to check whether or not logs are being received.
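An added example, not part of the original page: a shell helper that reads tcpdump text output and counts only packets whose source is the device IP and whose destination port is 514, so replies from the server or a longer address sharing the same prefix are not mistaken for incoming logs. The function names, the sample capture lines and the documentation-range addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Names and sample data are constructed.

# count_from_source DEVICE_IP [PORT]
# Reads `tcpdump -nn` text output on stdin, prints the number of IPv4 packets
# sent by DEVICE_IP to destination PORT (default 514), and returns 0 only if
# at least one was seen.
count_from_source() {
    awk -v ip="$1" -v port="${2:-514}" '
    {
        # Find the "IP" token; with -i any, newer tcpdump prints the
        # interface and direction before it.
        for (i = 1; i <= NF; i++) if ($i == "IP") break
        # Skip payload lines printed by -A and anything that is not "src > dst:".
        if (i > NF - 3 || $(i + 2) != ">") next
        src = $(i + 1); dst = $(i + 3); sub(/:$/, "", dst)
        saddr = src; sub(/\.[0-9]+$/, "", saddr)   # strip ".port" from source
        dport = dst; sub(/.*\./, "", dport)        # keep only destination port
        # Exact address match: 192.0.2.10 must not match 192.0.2.100.
        if (saddr == ip && dport == port) n++
    }
    END { print n + 0; exit (n > 0 ? 0 : 1) }'
}

# Constructed capture: 198.51.100.5 stands in for the CCE server.
sample_capture() {
    cat <<'EOF'
10:15:01.000101 eth0  In  IP 192.0.2.10.49152 > 198.51.100.5.514: SYSLOG local7.info, length: 96
E..|....@.....<189>constructed payload line
10:15:02.000202 eth0  In  IP 192.0.2.10.49152 > 198.51.100.5.514: SYSLOG local7.notice, length: 88
10:15:03.000303 eth0  In  IP 192.0.2.100.50000 > 198.51.100.5.514: SYSLOG local7.info, length: 70
10:15:04.000404 eth0  Out IP 198.51.100.5.514 > 192.0.2.10.49152: UDP, length 12
10:15:05.000505 IP 192.0.2.10.49152 > 198.51.100.5.514: SYSLOG local7.info, length: 64
EOF
}

# Offline demo on the constructed capture; prints 3.
sample_capture | count_from_source 192.0.2.10

# Live use on the CCE server (stops after 20 packets on port 514):
#   sudo tcpdump -nn -l -i any -c 20 port 514 | count_from_source <IP address>
```

A count of 0 with a non-zero exit status means no packet from that exact source address reached port 514 during the capture window.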