NetFlow and Visualization

In the topology, the Syslog server is also a NetFlow collector. The firewall is configured as a NetFlow
exporter.

---

a. Click the Syslog Server to bring up its window. Close the AAA Accounting Records

window.

b. From the Desktop tab, select Netflow Collector. The NetFlow collector services should

be turned on.

c. From any PC, ping the Corp Web Server at 209.165.200.194. After a brief delay, the pie

chart will update to show the new traffic flow.
Note: The pie charts displayed will vary based on the traffic on the network. Other packet flows,
such as EIGRP-related traffic, are being sent between devices. NetFlow is capturing these packets and
exporting statistics to the NetFlow Collector. The longer NetFlow is allowed to run on a network, the
more traffic statistics will be captured.
Reflection
While the tools presented in this activity are useful, each one has its own service and may need to run

on totally different devices. A better way, explored later in the course, is to have all the logging infor-
mation be concentrated under one tool, allowing for easy cross-reference and powerful search capabili-
ties. Security information and event management (SIEM) platforms can gather log files and other infor-
mation from diverse sources and integrate the information for access by a single tool.