Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Exporting NetFlow data from a Cisco 3850 to the CCE using the command line

1. Log in to the switch.

2. Enter configuration mode:

configure terminal

3. Run the following commands:

!
flow record Seceon-CCE
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
!

! Replace <CCE-IP-address> below with the IP address of your CCE.
flow exporter Seceon-CCE
destination <CCE-IP-address>
source vlan11
transport udp 9995
template data timeout 60
!
!
flow monitor Seceon-CCE
exporter Seceon-CCE
cache timeout active 60
record Seceon-CCE
!
vlan configuration 10-30
ip flow monitor Seceon-CCE input

exit

4. Check that the NetFlow records are reaching the OTM:

4.1 Check on the CCE side:

  • Log in to the CCE as the seceon user.
  • Run the command below and look for the IP of the switch in the output:
    sudo tcpdump -i any port 9995

4.2 Check on the GUI:

  • Log in to the OTM GUI.
  • Go to "Logs/Flow collection" under the "System Tab".
  • Check for the IP of the switch in the row corresponding to "Flows" in the table shown.
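
Seeing packets on port 9995 in step 4.1 only shows that something is arriving; the collector cannot decode flow data until it has received a template that describes the record. The following added example (not Seceon code) parses the template flowset of one export packet and reports which fields of the flow record above are missing. It assumes the exporter uses the IOS default NetFlow v9 export format; the function names and the sample packet are constructed for illustration.

```python
import struct

# NetFlow v9 field type IDs (RFC 3954 / IANA IPFIX registry) for the
# fields named in the "flow record Seceon-CCE" block above.
EXPECTED = {
    5: "ipv4 tos", 4: "ipv4 protocol", 8: "ipv4 source address",
    12: "ipv4 destination address", 7: "transport source-port",
    11: "transport destination-port", 10: "interface input",
    14: "interface output", 1: "counter bytes", 2: "counter packets",
    152: "timestamp absolute first", 153: "timestamp absolute last",
}
# Constructed sample: (field type, length in bytes) for every expected field.
SAMPLE_FIELDS = [(5, 1), (4, 1), (8, 4), (12, 4), (7, 2), (11, 2),
                 (10, 4), (14, 4), (1, 8), (2, 8), (152, 8), (153, 8)]

def parse_v9_templates(payload):
    """Return {template_id: [(field_type, length), ...]} from one UDP payload."""
    if len(payload) < 20 or struct.unpack_from("!H", payload)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, off = {}, 20              # the v9 packet header is 20 bytes
    while off + 4 <= len(payload):
        set_id, set_len = struct.unpack_from("!HH", payload, off)
        if set_len < 4 or off + set_len > len(payload):
            raise ValueError("bad flowset length")
        pos, end = off + 4, off + set_len
        while set_id == 0 and pos + 4 <= end:   # flowset ID 0 = templates
            tid, nfields = struct.unpack_from("!HH", payload, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > end:
                break                            # trailing padding
            templates[tid] = [struct.unpack_from("!HH", payload, pos + 4 * i)
                              for i in range(nfields)]
            pos += 4 * nfields
        off += set_len
    return templates

def missing_fields(fields):
    """Names of expected record fields that the template does not carry."""
    seen = {ftype for ftype, _ in fields}
    return sorted(n for t, n in EXPECTED.items() if t not in seen)

def build_sample(field_specs, template_id=256):
    """Build a constructed v9 packet holding a single template flowset."""
    body = struct.pack("!HH", template_id, len(field_specs))
    body += b"".join(struct.pack("!HH", t, l) for t, l in field_specs)
    flowset = struct.pack("!HH", 0, 4 + len(body)) + body
    return struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0) + flowset

if __name__ == "__main__":
    for tid, f in parse_v9_templates(build_sample(SAMPLE_FIELDS)).items():
        print(tid, "missing:", missing_fields(f) or "none")
```

To use it on real traffic, pass the UDP payload of a packet captured on port 9995; with "template data timeout 60" a template should appear within about a minute of starting the capture.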


Seceon Inc. All rights reserved. https://www.seceon.com