MIMIC NetFlow Simulator is an optional MIMIC protocol module to simulate one or more NetFlow / IPFIX exporters.
It can be installed after the base MIMIC installation as below.
-
At this point you should have MIMIC installed, and the MIMICview GUI
running
(see details)
. If you don't have MIMICview running, please consult your license e-mail
to get it installed and running.
-
Check whether you already have NETFLOW enabled in MIMIC as shown in the
Help -> About Mimic... dialog in MIMICview. It should be listed
under Loaded protocols. If already there, then skip to step 7.
-
Run Protocol Wizard using the Wizards -> Protocol Wizard menu in
MIMICView
(see details)
-
Select NetFlow Simulator in Select Protocols dialog
if not already selected. Press Next.
-
Supply corresponding license keys from the license email in the
Supply License Keys dialog. Then press Next.
-
The Result Installing/Uninstalling Protocols dialog shows
what got done. Press Finish to proceed. When the
simulator restarts, you should have NetFlow enabled.
Download optional sample NetFlow packages
-
At this point, you should have NetFlow enabled in MIMIC as shown in the
Help -> About Mimic... dialog in MIMICview. It should be listed
under Loaded protocols. If not, send us the MIMIC log.
(see details)
-
Invoke the MIMICview Wizard -> Update menu to download and
install NetFlow packages
(see details)
-
Check under the section Collections for NetFlow Packages.
If not there, then it is already installed. Else, select it, and
press Next to install.
Firewall permission for www.gambitcomm.com , port 80 is needed to run the Update Wizard over the web.
Please visit this link for alternative MIMIC update instructions in case you don't have Internet to use the Update Wizard over the web connection on the MIMIC system:
http://www.mirror1.gambitcommunications.com/update/mibs/mimic-update-xxxx/
where xxxx is current MIMIC version e.g. for 20.10 it is 2010
Enable NetFlow in MIMIC
Advanced configuration
NetFlow packets are generated at most one every second by default, even if the dfs_interval value is less than 1000 msec in the corresponding agent NetFlow configuration file.
The rate can be increased to up to 1000 every second by having a config/netflow.cfg file in MIMIC install area (c:\Apps\Mimic.xxxx or /usr/local/mimic) with a line as below and dfs_interval value as 1 in the corresponding agent NetFlow configuration file:
timer_interval_in_msec = 1
The MIMIC simulator must be restarted after creating the file and new log must show this line:
NETFLOW: timer_interval_in_msec = 1 (default 1000}
NOTE: This will impact performance of the simulator. Set this only if you need to generate messages more frequently than 1 every second.
Configuring a MIMIC agent as a NetFlow Exporter
-
Restart MIMIC and select an agent in MIMICView. Stop it if it is already
running. Invoke Edit -> Configure -> All dialog
(see details)
. In the
Advanced tab select the check box labeled NETFLOW.
A tab will appear, also labeled NETFLOW. Select it and use the browse button to select an existing NetFlow configuration file, for example sample_v9.cfg.
-
Configure flow generation from the agent to a NetFlow collector using
the provided Collector and Collector Port fields. The
collector will accept space separated list of either IP addresses or
node names as input (must be in DNS if a node name is used)
(see details)
.
-
When the agent is started, NetFlow data will be exported from the agent
as specified by the NetFlow configuration file. The IP addresses and
protocol type information are randomized by the NetFlow Recorder and
will not contain the exact data contained in the pcap input file.
The configuration file is user-editable and conforms to the specifications of RFC3954 (Cisco Systems NetFlow Services Export Version 9). Reference this document for information about fields contained in the configuration file.
-
To verify that NetFlow data is being exported from the MIMIC agent,
select the agent, click the Statistics tool on the context menu, and
check the NetFlow tab. Alternatively, or additionally, right click the
agent and select Agent -> Trace -> NetFlow to enable protocol
tracing in the user log. The log should show entries resembling the
following:
agent 7 trace enabled for NETFLOW NETFLOW[AGT=7]: sent to [192.9.200.45,2055]
-
You can use Netflow Wizard (Wizard->Netflow menu) to create and edit
the NetFlow configuration file
(see details)
.
More
-
Our
videos page
has many videos of NetFlow simulations.
- Please refer to the MIMIC Online Help topic Optional Protocol Modules -> MIMIC NETFLOW Protocol Module Guide for further guidance by invoking Help -> Contents menu in MIMICView for full details, or access it here .