Netflow Analyzer with mikrotik

    6806

    Exporting NetFlow data from a Mikrotik router

    • Firstly, download the installer for ManageEngine Netflow Analyzer from https://www.manageengine.com/products/netflow/download.html and install it on your PC or server.
    • You can leave the port settings as default. Do take note however, if you’re installing it on your Virtual Private Server (VPS) or a server somewhere, make sure that you have the correct ports opened on your firewall.
    • Once you have finished installation, navigate to http://localhost:8080 or the file directory location you have the app installed and login with Username: admin Password: admin and this is what you should see:

    netflow

    • As you can see no devices are exporting Netflow / sFlow data at this stage since we have not yet configured any, but the application is now listening on port 9996 which is what we want.
    • To access your Mikrotik device, you can opt to use Secure Shell (SSH) or Telnet.
    • Once you are in the Command line Interface (CLI) of your Mikrotik router, run the following command:

    /ip traffic-flow <Press enter>

    /ip traffic-flow> set enabled=yes interface=ether3-local-slave <Press Enter>

    /ip traffic-flow> target <Press Enter>

    /ip traffic-flow target> add address=192.168.0.10:9996 disabled=no version=9 <Press Enter>

    • Replace the IP address with the NetFlow Analyzer host IP address and interface you want the traffic flow.
    • cliOnce you have done this, go back to your Netflow Analyzer webpage at localhost:8080 and refresh the page, you should see that previous error message is gone and there is now a pie graph and a couple of other stats, and it should look something like this:
    • dashboardAnd if you decide to go click on your device name, and look around a bit, you will find all sorts of useful info such as source and destination traffic, applications etc.

    dashboard2