Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
362
Views
5
Helpful
3
Replies

Netflow from Cisco Netflow Collection Engine to CS MARS

eander123
Level 1
Level 1

‎10-18-2006 03:25 PM - edited ‎03-10-2019 03:17 AM

I have been setting up a MARS appliance on our network lately. Right now it is only receiving information from a few IPS'. Now I'm getting ready to set it up to collect netflow. I just found out that we have a Cisco Netflow Collection Engine (don't know version yet) running on our network. I assume that I could use that machine to get my netflow data instead of configuring every switch and router to push that data directly to the MARS machine (in addition to the netflow collector). I didn't find any mention of forwarding to a MARS appliance or any netflow consumer when skimming the manual for the Netflow Collection Engine, but it looks like it is possible.

Is this a good idea? Is it possible?

Thanks!

Labels:
0 Helpful
3 Replies 3

andrew.burns
Level 7
Level 7

‎10-20-2006 05:35 AM

Hi,

This would assume that you wanted the same set of devices to report to both MARS and the NCE which I'm not sure would be what you want.

Also, I'd suspect it wouldn't be possible as the NCE would have to rewrite the destination IP to be the MARS IP and re-send the packet which I'm pretty sure it can't do.

The best solution would be to configure additional netflow destinations as long as your ios/catos supports it.

HTH

Andrew.

eander123
Level 1
Level 1
In response to andrew.burns

‎10-20-2006 09:31 AM

Thank you very much, Andrew. I think we will end up having our netflow "producers" simply send netflow separately to NCE and MARS.

-Erik

0 Helpful

mhellman
Level 7
Level 7
In response to eander123

‎10-20-2006 12:19 PM

On the bright side...at least according to Cisco's own tests, adding a second netflow destination might not impact your networking equipment all that much:

http://www.cisco.com/application/pdf/en/us/guest/tech/tk812/c1550/cdccont_0900aecd802a0eb9.pdf

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card