Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Configuring the sFlow Collector

Table of Contents

Overview

We are providing you with the steps to integrate your DP Link with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log forwarding.

Steps of Configuration

Step 1. Login to the device as admin access.

Step 2. Choose the menu MAINTENANCE > sFlow > sFlow Collector to load the following page.

Figure 2-2Configuring the sFlow Collector

...

Step 3.Follow these steps to configure the sFlow Collector:

...

Collector ID

Displays the Collector ID. The switch supports 4 collectors at most.

Description

Give the collector a description for identification with 16 characters at most.

Collector IP

Enter the IP address of the host that runs the sFlow Collector.

Collector Port

Specify the UDP port number for the sFlow collector. The default is port 6343.

Maximum Datagram Size

Specify the maximum number of data bytes that can be sent in a single sample datagram. Valid values are from 300 to 1400 bytes and the default is 300 bytes.

Timeout (s)

Specify the aging time after which the sFlow Collector will become invalid. Valid values are from 0 to 2000000 seconds; the default is 0, which means the collector is always valid.

Lifetime (s)

Displays the remaining time of the collector. Lifetime counts down from Timeout.

2)Click Apply.

Refer Link- https://www.tp-link.com/us/configuration-guides/configuring_sflow/?configurationId=18211#using_the_cli_2_2

Verification Of Configuration

Verification can be done either from CCE Server or from UI.

Using UI

STEP 1: Log in to UI >> SYSTEM

...

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.

...

STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.

...

Using CCE Server

sudo tcpdump -i any host 514 and host <IP address> -AAA” command should be running on the CCE server to check whether or not we are getting logs.