Thanks, can I get this all from the Cisco website?

I like this one, you can use this permenantly for free if you only monitor up to (2) interfaces. Otherwise, you can get a 30 day trial.

http://manageengine.adventnet.com/products/netflow/index.html

You can configure Netflow on the appropriate interface by doing the following:

!

config t

interface fa4

ip route-cache flow

exit

ip flow-export version 5

ip flow-export destination 192.168.1.1 9996

!

Replace the interface and destination IP to match your needs.

Hi, which one is it I need to download?

Is the Cisco one not free?

http://download.adventnet.com/products/netflow/2028821/ManageEngine_NetFlowAnalyzer_6002.exe

Cisco has other links but most of them are for UNIX and Linux.

http://www.cisco.com/en/US/products/ps6601/networking_solutions_products_generic_content0900aecd805ff72b.html

Right all installed, I'm using a Cisco 837 as a VPN, woudl I monitor the ATM0, Dialer 1 or Ethernet 0 which is the router IP?

You can configured it on the ethernet0 interface and dialer1

Hi, I have installed in on a server with an IP of 192.168.100.1 and added your config to the Ethernet 0, but not data is going to the Netflow webserver, how can I check it can conncet this server or it is working?

show ip cache flow

Here it is:

IP packet size distribution (26605 total packets):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.000 .770 .025 .106 .026 .028 .019 .002 .001 .001 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

.000 .000 .000 .001 .014 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes

8 active, 4088 inactive, 268 added

9944 ager polls, 0 flow alloc failures

Active flows timeout in 30 minutes

Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 21640 bytes

8 active, 1016 inactive, 258 added, 258 added to flow

0 alloc failures, 0 force free

1 chunk, 1 chunk added

last clearing of statistics never

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

TCP-WWW 3 0.0 5 99 0.0 0.2 1.6

TCP-SMTP 19 0.0 1 60 0.0 0.8 15.4

TCP-other 163 0.0 115 100 1.3 8.9 6.6

UDP-DNS 25 0.0 1 75 0.0 1.8 15.4

UDP-NTP 8 0.0 1 96 0.0 0.0 15.6

UDP-other 16 0.0 1 220 0.0 0.1 15.4

ICMP 26 0.0 2 306 0.0 1.6 15.4

Total: 260 0.0 72 100 1.3 6.0 9.8

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts

Et0 172.19.10.17 Di1 192.168.101.1 06 05B5 0401 2

Et0 172.19.10.11 Di1 192.168.101.8 06 0446 0A26 1788

Et0 172.19.10.17 Di1 192.168.101.7 06 0491 0A26 1251

Et0 172.19.10.20 Di1 192.168.101.8 06 04B6 0A26 2041

Et0 172.19.10.22 Di1 192.168.101.7 06 0610 0A26 523

Et0 172.19.10.18 Di1 192.168.101.3 06 0853 0475 8

Et0 172.19.10.18 Di1 192.168.101.7 06 06F1 0A26 295

Et0 172.19.10.21 Di1 192.168.101.8 06 070B 0A26 1784

f3rryun1t2#

Looks good and now...

show ip flow export

Hi, I'm not near my pc but will be in an hour so will post the results, however, I tried that earlier and remember lots of zeros in the table as of there is no data, any reason for this?

Hi, here it is, is the source IP ok?:

User Access Verification

Router#show ip flow export

Flow export v5 is enabled for main cache

Exporting flows to 192.168.100.1 (9996)

Exporting using source IP address 86.84.80.x

Version 5 flow records

1371 flows exported in 399 udp datagrams

0 flows failed due to lack of export packet

0 export packets were sent up to process level

0 export packets were dropped due to no fib

0 export packets were dropped due to adjacency issues

0 export packets were dropped due to fragmentation failures

0 export packets were dropped due to encapsulation fixup failures

Router#

You can change that if you want to but yes it is exporting the Netflow information to the server. All you need to do is configure the Netflow server with the router and interfaces.